CVE-2026-27007 Overview
CVE-2026-27007 is a configuration integrity vulnerability in OpenClaw, a personal AI assistant application. Prior to version 2026.2.15, the normalizeForHash function in src/agents/sandbox/config-hash.ts incorrectly sorted arrays containing only primitive values, causing order-sensitive sandbox configuration arrays to produce identical hash values even when their order changed. This behavior affects sandbox container recreation decisions in OpenClaw's sandbox flows.
Critical Impact
Stale sandbox containers may be reused when configuration changes involve only array ordering modifications (such as Docker dns and binds arrays), potentially leading to security policy inconsistencies and unexpected container behavior.
Affected Products
- OpenClaw versions prior to 2026.2.15
- OpenClaw Node.js deployments using sandbox functionality
- Systems utilizing Docker sandbox container orchestration with OpenClaw
Discovery Timeline
- 2026-02-20 - CVE-2026-27007 published to NVD
- 2026-02-20 - Last updated in NVD database
Technical Details for CVE-2026-27007
Vulnerability Analysis
The vulnerability exists in OpenClaw's sandbox configuration hashing mechanism. The normalizeForHash function is responsible for creating deterministic hash values from configuration objects to determine whether sandbox containers need recreation. However, the implementation flaw caused all arrays containing primitive values to be sorted before hashing, which violated the semantic meaning of order-dependent configuration arrays.
In containerized environments, certain configuration parameters are explicitly order-sensitive. For example, Docker's dns array specifies DNS servers in priority order, and the binds array defines volume mount ordering. When these arrays were normalized through sorting, two configurations with different ordering would produce identical hashes, causing the system to incorrectly identify them as unchanged.
This means an administrator who intentionally modified the priority order of DNS servers or bind mounts would find that OpenClaw continued using stale containers with the previous configuration, as the hash comparison would indicate no changes occurred.
Root Cause
The root cause is improper logic separation in the normalizeForHash function. The function was designed to normalize object key ordering for deterministic hashing (a valid operation since object key order is not semantically meaningful in JavaScript/JSON). However, this normalization was incorrectly extended to arrays containing primitive values.
The vulnerable code checked if all array elements were primitives and, if so, sorted them alphabetically. This approach failed to recognize that array ordering frequently carries semantic meaning in configuration contexts, unlike object key ordering.
Attack Vector
This vulnerability requires local access and affects configuration integrity. An attacker or administrator could exploit this behavior in scenarios where:
- Security-critical configurations depend on array ordering (e.g., DNS resolution priority, firewall rule precedence)
- Configuration changes are made that only affect array ordering
- The system fails to recreate containers, leaving stale security configurations in place
The following patch shows the security fix applied in version 2026.2.15:
agentWorkspaceDir: string;
};
-function isPrimitive(value: unknown): value is string | number | boolean | bigint | symbol | null {
- return value === null || (typeof value !== "object" && typeof value !== "function");
-}
function normalizeForHash(value: unknown): unknown {
if (value === undefined) {
return undefined;
}
if (Array.isArray(value)) {
- const normalized = value
- .map(normalizeForHash)
- .filter((item): item is unknown => item !== undefined);
- const primitives = normalized.filter(isPrimitive);
- if (primitives.length === normalized.length) {
- return [...primitives].toSorted((a, b) =>
- primitiveToString(a).localeCompare(primitiveToString(b)),
- );
- }
- return normalized;
+ return value.map(normalizeForHash).filter((item): item is unknown => item !== undefined);
}
if (value && typeof value === "object") {
const entries = Object.entries(value).toSorted(([a], [b]) => a.localeCompare(b));
Source: GitHub Commit 41ded30
The fix removes the isPrimitive helper function and the conditional sorting logic for primitive arrays. Arrays now preserve their original ordering during normalization, while object keys continue to be sorted for deterministic hashing.
Detection Methods for CVE-2026-27007
Indicators of Compromise
- Sandbox containers that persist despite configuration file changes
- Discrepancies between expected and actual DNS resolution behavior in sandbox environments
- Volume mount configurations not reflecting recent administrative changes
- Configuration audit logs showing changes that were not applied to running containers
Detection Strategies
- Compare deployed sandbox container configurations against source configuration files to identify drift
- Monitor OpenClaw logs for configuration hash computations and container recreation decisions
- Implement configuration validation scripts that verify array ordering in deployed containers
- Review sandbox container uptime against configuration change timestamps
Monitoring Recommendations
- Enable verbose logging for sandbox configuration hash calculations
- Set up alerts for configuration changes that do not result in container recreation
- Implement periodic configuration drift detection between intended and actual sandbox states
- Monitor for unusual container reuse patterns when configuration updates are expected
How to Mitigate CVE-2026-27007
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.15 or later immediately
- Manually restart all sandbox containers after upgrading to ensure fresh configurations
- Audit existing sandbox configurations for any order-dependent arrays that may have been affected
- Review container configurations to verify they match intended settings
Patch Information
The vulnerability is addressed in OpenClaw version 2026.2.15. The fix preserves array ordering during hash normalization while maintaining deterministic hashing for object keys. The patch is available through the official GitHub repository.
For detailed information, refer to the GitHub Security Advisory GHSA-xxvh-5hwj-42pp and the v2026.2.15 release notes.
Workarounds
- Force container recreation by modifying non-array configuration values alongside array changes
- Implement manual container restart procedures after any configuration change
- Add dummy object entries to configurations to change the overall hash when array order is modified
- Use container orchestration tools with independent configuration drift detection
# Force sandbox container recreation after configuration changes
openclaw sandbox restart --force-recreate
# Verify current container configuration matches source
openclaw sandbox config --verify
# List containers with configuration drift
openclaw sandbox status --check-drift
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
