Summary
OpenShell FS bridge writes stay pinned to the sandbox mount root
Affected Packages / Versions
- Package: openclaw (npm)
- Affected versions: <= 2026.4.21
- Fixed version: 2026.4.22
Impact
A time-of-check/time-of-use race around OpenShell sandbox filesystem writes could let a symlink swap redirect a write outside the intended local mount root.
Fix
OpenShell write paths now validate the canonical target against the mount root, reject unsafe symlink parents and symlink leaves for writes, and use root-scoped write helpers before syncing to the remote sandbox.
Fix Commit(s)
Verification
- The fix commit is contained in the public v2026.4.22 tag.
- openclaw@2026.4.22 is published on npm and the compiled package contains the fix.
- Focused regression coverage for this path passed before publication.
Thanks @VladimirEliTokarev for reporting.
VladimirEliTokarev Reporter
Summary
OpenShell FS bridge writes stay pinned to the sandbox mount root
Affected Packages / Versions
Impact
A time-of-check/time-of-use race around OpenShell sandbox filesystem writes could let a symlink swap redirect a write outside the intended local mount root.
Fix
OpenShell write paths now validate the canonical target against the mount root, reject unsafe symlink parents and symlink leaves for writes, and use root-scoped write helpers before syncing to the remote sandbox.
Fix Commit(s)
Verification
Thanks @VladimirEliTokarev for reporting.