CVE-2026-32915: What It Means When Your Sandbox Does Not Contain the Agent

OpenClaw's core safety promise is that each agent runs in a box. That box -- the sandbox -- is supposed to keep the agent from touching things it has no business touching. CVE-2026-32915 breaks that promise from the inside, and it's worth understanding what that actually means.

TL;DR: A new OpenClaw vulnerability (CVE-2026-32915, CVSS 8.8) let a low-privilege sandboxed subagent break out of its own scope and act with the permissions of its parent agent. No exploitation reported. Patched in v2026.3.11. If you're running OpenClaw, check your version now.

What the Sandbox Is Supposed to Do

Think of the sandbox like a guest user account on your computer. The guest can use the browser and a few apps, but they can't install software, change system settings, or read files outside their own folder. The sandbox is supposed to be the same thing for AI subagents -- limited access, limited reach, no spillover.

The problem with CVE-2026-32915 is that a sandboxed subagent -- the low-privilege guest -- could reach outside its account and access the control surface for all the other agents running alongside it. From there, it could steer or shut down sibling agents, or force execution under the broader permission set of the parent.

That's not a guest user reading a file they shouldn't. That's a guest user disabling the locks on every other room in the building.

Why This One Is Different

This is the 10th OpenClaw CVE in 13 days. The pattern matters as much as any individual flaw.

Most of the previous CVEs were about what external attackers could do to your agent. This one is about what happens inside -- one agent affecting others that are supposed to be isolated from it. The attack surface here isn't your network connection or your API key. It's the trust model between your own agents.

If you're running multiple agents handling different tasks -- one for email, one for files, one for scheduling -- this flaw is the specific threat to that architecture.

What Should You Do Right Now?

One step: verify your OpenClaw version is v2026.3.11 or above. That's it. The patch is already out, no exploitation has been reported, and there's no complex mitigation required.

If you're on an older version, update first. Everything else is secondary.

Key Takeaways

• CVE-2026-32915 allowed a sandboxed subagent to escape its own permission boundary and act under a parent agent's broader scope
• The flaw specifically breaks multi-agent architectures where different agents handle different tasks under the assumption of isolation
• Patched in v2026.3.11 -- no exploitation reported as of publication
• This is the 10th OpenClaw CVE in 13 days, a pattern worth tracking even if each individual fix is straightforward