GHSA-cfp9-w5v9-3q4h: OpenClaw: Image Tool `tools.fs.workspaceOnly` Bypass via Sandbox Bridge Mounts
The image tool did not fully honor the `tools.fs.workspaceOnly` filesystem boundary. In affected releases, image-path resolution could still traverse sandbox bridge mounts outside the workspace and read files from mounted directories that the other file tools would reject.
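The advisory describes a boundary check that holds lexically but is defeated once a path component passes through a mount that points outside the workspace. The following is an added illustration of that failure mode and its fix, written for this page; it is not OpenClaw's code, and `naive_is_inside`, `resolve_within_workspace` and the directory layout are assumptions. A symlink stands in for a sandbox bridge mount, since both introduce a path component whose real location lies outside the workspace root.

```python
import os
import tempfile
from pathlib import Path


class WorkspaceBoundaryError(PermissionError):
    """Raised when a requested path resolves outside the workspace root."""


def naive_is_inside(workspace: str, candidate: str) -> bool:
    # Lexical containment only: join, normalise and compare prefixes.
    # This rejects "../x" but never follows symlinks or mount points,
    # so a component that is really located outside the workspace
    # still passes. This is the shape of check the advisory describes.
    joined = os.path.normpath(os.path.join(workspace, candidate))
    return joined == workspace or joined.startswith(workspace + os.sep)


def resolve_within_workspace(workspace: str, candidate: str) -> Path:
    # Hardened containment: resolve both the workspace root and the
    # candidate to their real paths (every symlink component followed),
    # then require the resolved candidate to sit under the resolved root.
    root = Path(workspace).resolve(strict=True)
    target = (root / candidate).resolve(strict=False)
    try:
        target.relative_to(root)
    except ValueError:
        raise WorkspaceBoundaryError(
            f"{candidate!r} resolves to {target}, outside {root}"
        ) from None
    return target


def demo() -> dict:
    # Constructed layout (hypothetical): a workspace holding an image and a
    # "bridge" link to a directory outside the workspace, standing in for a
    # sandbox bridge mount.
    with tempfile.TemporaryDirectory() as tmp:
        outside = Path(tmp, "outside")
        outside.mkdir()
        (outside / "secret.txt").write_text("not for the image tool\n")
        workspace = Path(tmp, "workspace")
        workspace.mkdir()
        (workspace / "photo.png").write_bytes(b"\x89PNG")
        (workspace / "bridge").symlink_to(outside, target_is_directory=True)

        ws = str(workspace)
        results = {}
        # In-workspace file: both checks accept it.
        results["naive_in_workspace"] = naive_is_inside(ws, "photo.png")
        results["hardened_in_workspace"] = (
            resolve_within_workspace(ws, "photo.png").name == "photo.png"
        )
        # Path through the bridge: the lexical check accepts it, the
        # real-path check rejects it.
        results["naive_via_bridge"] = naive_is_inside(ws, "bridge/secret.txt")
        try:
            resolve_within_workspace(ws, "bridge/secret.txt")
            results["hardened_via_bridge"] = True
        except WorkspaceBoundaryError:
            results["hardened_via_bridge"] = False
        return results


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

The point of resolving the root as well as the candidate is that the root itself may live behind a symlink (for example a temp directory on macOS), and comparing a resolved candidate against an unresolved root would reject every legitimate path. Any tool that reads files on behalf of a sandboxed caller should run every path through the same resolver rather than keeping a per-tool variant.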