Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence

Briefly

Four security flaws in OpenClaw can be chained to enable data theft, privilege escalation, and persistence. Two TOCTOU race conditions in OpenShell managed sandbox backend and OpenShell allow attackers to bypass sandbox restrictions by redirecting writes or reading files outside the intended mount root. An incomplete disallowed inputs issue allows bypassing allowlist validation by embedding shell expansion tokens in heredoc bodies to execute unapproved commands at runtime. An improper access control flaw allows non-owner loopback clients to impersonate an owner, gaining control over gateway configuration, cron scheduling, and execution environment management. A multi-step exploitation path starts with code execution in the sandbox, then uses file and command issues to expose credentials and secrets, escalates to owner-level runtime control, and finally uses the write-bypass flaw to tamper with configuration and plant backdoors.