anonhaven
Ad

CVE-2026-28479

HIGH CVSS 4.0: 8.7 EPSS 0.02%
Updated Mar 05, 2026
Docker
Parameter Value
CVSS 8.7 (HIGH)
Affected Versions before 2026.2.15
Type CWE-327 (Weak Crypto Algorithm (Слабый алгоритм шифрования))
Vendor Docker
Public PoC No

OpenClaw versions prior to 2026.2.15 use SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations, which is deprecated and vulnerable to collision attacks. An attacker can exploit SHA-1 collisions to cause cache poisoning, allowing one sandbox configuration to be misinterpreted as another and enabling unsafe sandbox state reuse.

Attack Parameters

Attack Vector
Network
Атака возможна удалённо
Attack Complexity
Low
Легко эксплуатировать
Attack Requirements
None
Нет дополнительных условий
Privileges Required
None
Права не нужны
User Interaction
None
Не нужно действие пользователя

Impact Assessment

Confidentiality
High
Полная утечка данных
Integrity
None
Нет модификации данных
Availability
None
Нет нарушения работы

CVSS Vector v4.0

Weakness Type (CWE)

CWE-327 Weak Crypto Algorithm (Слабый алгоритм шифрования)

References 3

https://github.com/openclaw/openclaw/commit/559c8d9930eebb5356506ff1a8cd3dbaec9…
disclosure@vulncheck.com
https://github.com/openclaw/openclaw/security/advisories/GHSA-fh3f-q9qw-93j9
disclosure@vulncheck.com
https://www.vulncheck.com/advisories/openclaw-cache-poisoning-via-deprecated-sh…
disclosure@vulncheck.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-29093

Docker

8.1

CVE-2026-28406

Docker

8.2

CVE-2026-28400

Docker

7.5

CVE-2026-28355

Docker

1.3

CVE-2026-27734

Docker

6.5