AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

GHSA-xxvh-5hwj-42pp: OpenClaw's sandbox config hash sorted primitive arrays and suppressed needed container recreation

mediumvulnerability

security

Source: GitHub Advisory DatabaseFebruary 18, 2026CVE-2026-27007

Summary

OpenClaw's sandbox configuration had a bug where the `normalizeForHash` function (a process that converts configuration settings into a unique identifier) was sorting arrays containing simple values, causing different array orders to produce identical hashes. This meant that sandbox containers (isolated software environments) weren't being recreated when only the order of configuration settings like DNS or file bindings changed, potentially leaving stale containers in use.

Solution / Mitigation

Update OpenClaw to version 2026.2.15 or later. The fix preserves array ordering during hash normalization, so only object key ordering remains normalized. This ensures that configuration changes affecting array order are properly detected and containers are recreated as needed.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrity

AI Component TargetedInference

Affected Vendors

Affected Packages

openclaw@< 2026.2.15 (fixed: 2026.2.15)

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: February 18, 2026 at 07:00 PM

Classified by LLM (prompt v3) · confidence: 75%