Security Advisories (Source: GitHub Security Advisories)

[openclaw] OpenClaw has a sandbox network isolation bypass via docker.network=container:<id>

By GitHub
March 3, 2026

**Summary**

In openclaw@2026.2.23, sandbox network hardening blocks network=host but still allows network=container:<id>. This can let a sandbox join another container's network namespace and reach services available in that namespace.

**Preconditions and Trust Model Context**

This issue requires a trusted-operator configuration path (for example setting agents.defaults.sandbox.docker.network in gateway config). It is not an unauthenticated remote exploit by itself.

**Details**

Current validation blocks only host, while forwarding other values to Docker create args: validateNetworkMode(network) only rejects values in BLOCKED_NETWORK_MODES = {"host"}...
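The gap described in Details, shown as an added JavaScript sketch that is not OpenClaw's own code: a check that rejects only the exact value host, beside a stricter variant that also rejects the container:<id> namespace-join form. Only validateNetworkMode and BLOCKED_NETWORK_MODES are named in the advisory; the AsDescribed and Strict function names, the stricter logic and the sample values are assumptions made for illustration.

```javascript
// Added example, not OpenClaw source. Only validateNetworkMode and
// BLOCKED_NETWORK_MODES come from the advisory; the *AsDescribed / *Strict
// names and the sample values are constructed for illustration.
const BLOCKED_NETWORK_MODES = new Set(["host"]);

// Check as the advisory describes it: only the exact value "host" is rejected,
// every other value would be forwarded to the Docker create arguments.
function validateNetworkModeAsDescribed(network) {
  return BLOCKED_NETWORK_MODES.has(network)
    ? [`network mode "${network}" is blocked`]
    : [];
}

// Stricter variant (an assumption about one possible hardening): normalise the
// value, then reject "host" and every "container:<id>" namespace-join form.
function validateNetworkModeStrict(network) {
  const mode = String(network).trim().toLowerCase();
  if (mode === "") {
    return ["network mode must not be empty"];
  }
  if (BLOCKED_NETWORK_MODES.has(mode)) {
    return [`network mode "${mode}" shares the host network namespace`];
  }
  if (mode === "container" || mode.startsWith("container:")) {
    return [`network mode "${mode}" joins another container's network namespace`];
  }
  return [];
}

// Constructed values an operator might set for docker.network.
const SAMPLE_MODES = ["none", "bridge", "host", "container:abc123", " Container:abc123 "];

// Returns, per value, whether each validator would accept it.
function compareValidators(modes) {
  return modes.map((mode) => ({
    mode,
    asDescribed: validateNetworkModeAsDescribed(mode).length === 0,
    strict: validateNetworkModeStrict(mode).length === 0,
  }));
}

for (const row of compareValidators(SAMPLE_MODES)) {
  console.log(JSON.stringify(row));
}
```

A config review can use the same comparison to flag any stored docker.network value that the described check accepts but the stricter one rejects.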
