CVE-2026-28479 Overview
OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be misinterpreted as another and enabling unsafe sandbox state reuse.
Critical Impact
This weak hash algorithm vulnerability enables cache poisoning attacks that can bypass sandbox isolation, potentially allowing malicious sandbox configurations to be reused in place of legitimate ones.
Affected Products
- OpenClaw versions prior to 2026.2.15
Discovery Timeline
- 2026-03-05 - CVE CVE-2026-28479 published to NVD
- 2026-03-05 - Last updated in NVD database
Technical Details for CVE-2026-28479
Vulnerability Analysis
This vulnerability stems from the use of SHA-1 (CWE-327: Use of a Broken or Risky Cryptographic Algorithm) for computing cache keys in OpenClaw's sandbox configuration system. SHA-1 has been cryptographically broken since 2017 when Google demonstrated practical collision attacks (SHAttered), making it unsuitable for security-sensitive applications where collision resistance is required.
In OpenClaw's implementation, sandbox identifiers for both Docker and browser sandbox configurations are hashed using SHA-1 to generate cache keys. Because SHA-1 is vulnerable to collision attacks, an attacker can craft two different sandbox configurations that produce identical hash values. This enables cache poisoning scenarios where a malicious or improperly configured sandbox state can be retrieved instead of the intended legitimate configuration.
Root Cause
The root cause is the use of the deprecated sha1 algorithm in the computeHash function within src/agents/sandbox/config-hash.ts. The function normalizes input data and generates a hexadecimal hash digest using SHA-1, which lacks sufficient collision resistance for security-critical cache key generation.
Attack Vector
This vulnerability is exploitable over the network without authentication or user interaction. An attacker who can influence sandbox configurations could craft a collision with a legitimate configuration's SHA-1 hash. When the system retrieves the cached sandbox state using the colliding hash, it may load the attacker-controlled configuration instead, leading to sandbox escape or unsafe state reuse scenarios. The attack enables unauthorized access to confidential information through cache confusion.
// Vulnerable code in src/agents/sandbox/config-hash.ts
function computeHash(input: unknown): string {
const payload = normalizeForHash(input);
const raw = JSON.stringify(payload);
- return crypto.createHash("sha1").update(raw).digest("hex");
+ return crypto.createHash("sha256").update(raw).digest("hex");
}
Source: GitHub Commit Change
Detection Methods for CVE-2026-28479
Indicators of Compromise
- Unexpected sandbox configuration mismatches or unexpected behavior in Docker or browser sandbox environments
- Cache entries with suspiciously similar or identical configurations that should be distinct
- Anomalous hash collisions detected in sandbox configuration cache logs
- Unusual sandbox state reuse patterns that deviate from expected isolation behavior
Detection Strategies
- Monitor application logs for sandbox configuration cache hits that result in unexpected configuration loading
- Implement integrity verification for sandbox configurations beyond cache key matching
- Audit code dependencies to identify usage of SHA-1 in security-sensitive contexts
- Deploy static analysis tools to flag deprecated cryptographic functions (CWE-327)
Monitoring Recommendations
- Enable verbose logging for sandbox initialization and cache retrieval operations
- Implement alerting on cache key collision events or unexpected cache behavior
- Monitor for configuration drift between expected and loaded sandbox states
- Track cryptographic function usage across application dependencies during security audits
How to Mitigate CVE-2026-28479
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.15 or later immediately
- Clear existing sandbox configuration caches to remove potentially poisoned entries
- Review sandbox configurations for any signs of tampering or unexpected modifications
- Audit application logs for suspicious cache-related anomalies prior to patching
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.2.15. The fix replaces the deprecated SHA-1 hash algorithm with SHA-256, which provides significantly stronger collision resistance. The patch modifies the computeHash function in src/agents/sandbox/config-hash.ts to use crypto.createHash("sha256") instead of crypto.createHash("sha1"). For detailed patch information, see the GitHub Security Advisory and the GitHub Commit Change.
Workarounds
- If immediate patching is not possible, consider implementing additional configuration validation beyond hash-based cache lookups
- Deploy application-level integrity checks that verify sandbox configuration contents match expected values
- Isolate affected OpenClaw instances from untrusted network access until patched
- Manually apply the cryptographic fix by replacing SHA-1 with SHA-256 in the config-hash.ts file
# Configuration example
# Clear sandbox configuration cache after upgrading
rm -rf /var/cache/openclaw/sandbox/*
# Verify the patched version is installed
openclaw --version
# Expected output: 2026.2.15 or later
# Restart OpenClaw services to ensure new hash algorithm is active
systemctl restart openclaw
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
