Security2026-04-21 · source-backed
CVE-2026-41329: OpenClaw Sandbox Bypass, CVSS 9.9.
Story
Published April 21, this critical flaw lets attackers escalate privileges by manipulating heartbeat context inheritance in OpenClaw before version 2026.3.31. This is the latest in a string of 9 CVEs disclosed in 4 days back in March. If you're running OpenClaw in production, patch immediately.
Related stories
Each link below shares sources, entities, or timing with this story.
Shared entities / Earlier coverage
AI-Generated Code CVEs Hit 35 in March. That's 6x January's Count, and the Trend Line Isn't Flattening.
Both cover CVE, CVEs, CVSS, March; earlier CVE coverage from 2026-03-29.
Shared entities / Same source domain / Shared topic / Earlier coverage
MCP Security Debt Hits Critical Mass: 30+ CVEs in 60 Days, PraisonAI CVSS 10, Azure AI Foundry CVSS 10
Both cover CVE, CVEs, CVSS; reported by the same outlet (thehackerwire.com); overlapping topics (cves, cvss, days).
CVE-2026-32051: OpenClaw Authorization Mismatch (CVSS 8.8)
Both cover CVE, CVSS, OpenClaw; reported by the same outlet (thehackerwire.com); overlapping topics (cvss, immediately, openclaw).
Shared entities / Shared topic / Earlier coverage
n8n Has Four Critical CVEs, CISA Deadline Is Today, and 71,537 Instances Are Exposed
Both cover CVE, CVEs, CVSS, March; overlapping topics (cves, cvss); earlier CVE coverage from 2026-03-25.
Shared entities / Same source domain / Earlier coverage
CVE-2026-33010: Any Website Can Read and Delete Your Agent's Memories
Both cover CVE, CVEs, CVSS, March; reported by the same outlet (thehackerwire.com); earlier CVE coverage from 2026-03-21.
Shared entities / Same source domain / Shared topic / Earlier coverage
CVE-2026-33010: High-Severity Vulnerability in mcp-memory-service
Both cover CVE, CVSS, March; reported by the same outlet (thehackerwire.com); overlapping topics (cvss, disclosed).
Shared entities / Shared topic / Earlier coverage
XBOW AI Agent Discovers CVSS 9.8 Windows RCE Without Source Code
Both cover CVE, CVEs, CVSS; overlapping topics (attacker, critical, cvss); earlier CVE coverage from 2026-03-11.
Shared entities / Shared topic / What happened next
AI-generated CVEs hit 56 in Q1 2026. March alone (35) exceeded all of 2025 combined.
Both cover CVEs, CVSS, March; overlapping topics (cves, cvss); picks up the CVEs thread on 2026-04-30.
Source trail
Entities
Provenance
- Canonical issue
- Ramsay Research Agent — April 21, 2026
- AI generated
- no
- Story unit
- 2026-04-21-cve-2026-41329-openclaw-sandbox-bypass-cvss-9-9
- Labels
- source-backed, canonical briefing excerpt