Skip to main content

OpenClaw CVE-2026-41384

| EUVDEUVD-2026-26093 HIGH
External Control of System or Configuration Setting (CWE-15)
2026-04-28 VulnCheck GHSA-vfw7-6rhc-6xxg
8.5
CVSS 4.0 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
P
Scope
X

Lifecycle Timeline

7
Re-analysis Queued
Apr 28, 2026 - 20:23 vuln.today
cvss_changed
Analysis Generated
Apr 28, 2026 - 20:03 vuln.today
CVSS changed
Apr 28, 2026 - 19:52 NVD
7.8 (HIGH) 8.5 (HIGH)
EUVD ID Assigned
Apr 28, 2026 - 19:30 euvd
EUVD-2026-26093
Analysis Generated
Apr 28, 2026 - 19:30 vuln.today
Patch released
Apr 28, 2026 - 19:30 nvd
Patch available
CVE Published
Apr 28, 2026 - 18:09 nvd
HIGH 8.5

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 3 npm packages depend on openclaw (3 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.3.24.

DescriptionCVE.org

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables into the backend process spawning, enabling code execution or sensitive data exposure.

AnalysisAI

Environment variable injection in OpenClaw's CLI backend runner enables local attackers to achieve arbitrary code execution or exfiltrate sensitive data by manipulating workspace configuration files. Attackers with the ability to supply malicious workspace configs can inject environment variables into backend processes during spawning, exploiting CWE-15 (external control of system or configuration setting). Vendor patch available via GitHub commit c2fb7f1. CVSS 8.5 reflects high impact across confidentiality, integrity, and availability, though exploitation requires local access and user interaction to load the malicious workspace config. No evidence of active exploitation (not in CISA KEV) or public proof-of-concept at time of analysis.

Technical ContextAI

This vulnerability exploits CWE-15 (External Control of System or Configuration Setting) in OpenClaw's command-line interface backend runner. The affected component (cpe:2.3:a:openclaw:openclaw) fails to sanitize or validate environment variable inputs derived from workspace configuration files before spawning backend processes. Environment variable injection is a class of attack where untrusted input controls process environment variables, which can then influence program behavior, library loading paths (LD_PRELOAD, PATH manipulation), or configuration settings. In CLI tools that spawn subprocesses, injected environment variables can alter execution flow, load malicious shared libraries, or leak credentials through modified logging/debugging variables. The CVSS 4.0 vector indicates local attack vector (AV:L) with low complexity (AC:L) but requires user interaction (UI:P) to load the crafted workspace configuration, suggesting the victim must explicitly open or import a malicious workspace file.

RemediationAI

Upgrade to OpenClaw version 2026.3.24 or later, which includes the fix committed in GitHub commit c2fb7f1948c3226732a630256b5179a60664ec24 (https://github.com/openclaw/openclaw/commit/c2fb7f1948c3226732a630256b5179a60664ec24). Review the vendor security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-vfw7-6rhc-6xxg for upgrade instructions and additional context. If immediate patching is not feasible, implement compensating controls: restrict workspace configuration files to trusted internal sources only, implement file integrity monitoring on workspace config directories, and educate users to never load workspace configs from external or untrusted parties. Consider running OpenClaw CLI processes in sandboxed environments (containers, VMs) with restricted environment variable inheritance to limit blast radius of potential exploitation. Trade-off: sandboxing may break legitimate workflows that depend on specific environment variables; test thoroughly before production deployment. Review audit logs for unexpected workspace config loads or backend process spawns with anomalous environment variables.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

CVE-2026-41384 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy