Vulnerability in OpenClaw
CVE-2026-27007
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, `normalizeForHash` in `src/agents/sandbox/config-hash.ts` recursively sorted arrays that contained only primitive values. This made order-sensitive sandbox configuration arra…
EPSS: 0.000 (0.4th percentile)
Affected products
- Openclaw — versions < 2026.2.15
Weakness classification (CWE)
References
- https://github.com/openclaw/openclaw/security/advisories/GHSA-xxvh-5hwj-42pp (x_refsource_CONFIRM)
- https://github.com/openclaw/openclaw/commit/41ded303b4f6dae5afa854531ff837c3276ad60b (x_refsource_MISC)
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.15 (x_refsource_MISC)