HOMEVULNERABILITIESCVE-2026-27007
LOW

CVE-2026-27007

CWE-1254Published: February 20, 2026· Updated: Feb 20, 2026

3.3
CVSS v3.1
EPSS:0.01%probability of exploitation in 30 daysPercentile:1.5th

Official Description

OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arrays hash to the same value even when order changed. In OpenClaw sandbox flows, this hash is used to decide whether existing sandbox containers should be recreated. As a result, order-only config changes (for example Docker `dns` and `binds` array order) could be treated as unchanged and stale containers could be reused. This is a configuration integrity issue affecting sandbox recreation behavior. Starting in version 2026.2.15, array ordering is preserved during hash normalization; only object key ordering remains normalized for deterministic hashing.

NVD Source

Technical Analysis

CVE-2026-27007 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityLow
AvailabilityNone
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Vendors & Products

openclaw1 product
openclaw
Source: NVD CPE · 1 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

Official Patches & Advisories

All References (3)

Quick Facts

CVE IDCVE-2026-27007
CVSS Score3.3 / 10
SeverityLOW
WeaknessCWE-1254
CISA KEVNo
EPSS (30d)0.01%
Affected1 vendor
PublishedFeb 20, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-27007 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.