GHSA-GQ83-8Q7Q-9HFX: GHSA-GQ83-8Q7Q-9HFX: Race Condition in OpenClaw Sandbox Registry Leads to Data Corruption

GHSA-GQ83-8Q7Q-9HFX: Race Condition in OpenClaw Sandbox Registry Leads to Data Corruption Vulnerability ID: GHSA-GQ83-8Q7Q-9HFX CVSS Score: 6.6 Published: 2026-03-03 OpenClaw versions prior to 2026.2.18 contain a critical race condition in the sandbox registry management system. The vulnerability arises from insecure file handling operations during read-modify-write cycles of the containers.json and browsers.json registry files. Concurrent attempts to update or remove registry entries can result in lost updates, state desynchronization, or complete truncation of the registry data. This flaw leads to orphaned containers and resource leaks in high-concurrency environments. TL;DR A race condition in OpenClaw's registry file handling allows concurrent writes to corrupt or wipe sandbox tracking data. Patched in 2026.2.18 via file locking and atomic writes. ⚠️ Exploit Status: POC Technical Details CWE ID : CWE-362 (Race Condition) Related CWE : CWE-367 (TOCTOU) CVSS Score : 6.6 (Medium) Atta