
OpenClaw EUVD-2026-37144 | CVE-2026-53842 HIGH
Untrusted Search Path (CWE-426)
2026-06-16 · VulnCheck · GHSA-9fr2-p65v-gqxq
CVSS 4.0 score 7.0 · Vendor: VulnCheck

Severity by source

Vendor (VulnCheck), primary: 7.0 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

vuln.today AI: 6.0 MEDIUM (score computed from the CVSS 3.1 vector below)

Rationale: local vector (AV:L) because the .env file and the runtime are host-side; AC:H and PR:L reflect the required workspace write access; UI:R for the operator-triggered Gmail setup; C:H/I:H for code execution; A:N because availability is not the primary impact. The CVSS 4.0 vector expresses the same preconditions as AT:P (attack requirements present) and UI:A (active user interaction) rather than as AC:H/PR:L.

CVSS 3.1: AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N
CVSS 4.0: AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS 4.0 metrics (Vendor: VulnCheck)

Attack Vector: Local (AV:L)
Attack Complexity: Low (AC:L)
Attack Requirements: Present (AT:P)
Privileges Required: None (PR:N)
User Interaction: Active (UI:A)
Vulnerable System Impact: Confidentiality High, Integrity High, Availability None (VC:H/VI:H/VA:N)
Subsequent System Impact: None (SC:N/SI:N/SA:N)

Lifecycle Timeline

Patch available: Jun 16, 2026, 20:02 (EUVD)
Analysis generated: Jun 16, 2026, 18:56 (vuln.today)

Description (CVE.org)

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDK_PYTHON variable to execute setup through unintended local Python paths, potentially enabling arbitrary code execution.

Analysis (AI)

Arbitrary Python runtime execution in OpenClaw before 2026.5.2 lets an attacker with write access to the workspace plant a malicious .env file that overrides the CLOUDSDK_PYTHON variable used during Gmail setup, redirecting the gcloud invocation to an attacker-controlled Python interpreter and leading to code execution as the operator. The CVSS 4.0 vector (AV:L/AT:P/UI:A) records that the attack is local, needs an attack requirement to be in place (the planted .env), and depends on an operator action. No public exploit was identified at the time of analysis, and the issue is not listed in CISA KEV.


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: gain write access to the OpenClaw workspace repository
Delivery: plant a .env that sets CLOUDSDK_PYTHON to a malicious interpreter
Exploit: stage the attacker-controlled Python binary or script on the host (for example, inside the same repository)
Execution: the operator launches Gmail setup in OpenClaw
Persist: gcloud reads CLOUDSDK_PYTHON and executes the attacker's interpreter
Impact: arbitrary code runs as the operator user

Vulnerability Assessment (AI)

Exploitation: Exploitation requires that (1) the attacker can write to an OpenClaw workspace's .env file (described as "repository access"), (2) the victim operator triggers the Gmail setup flow that invokes gcloud, and (3) the attacker has staged, or can reach, a Python binary or script at the path the manipulated CLOUDSDK_PYTHON value resolves to. …
Risk Assessment: Real-world risk is moderate and narrow. …
Exploit Scenario: An attacker who can commit to a repository that an OpenClaw operator later opens drops a .env file setting CLOUDSDK_PYTHON to a path under their control (for example, a script staged elsewhere in the repo). When the operator runs the Gmail setup, OpenClaw loads the .env, invokes gcloud, and gcloud launches the attacker's interpreter, executing arbitrary code as the operator. …
Remediation: Vendor-released patch: upgrade OpenClaw to 2026.5.2 or later, per the GitHub Security Advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-fq9j-vw4w-fr6v and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-arbitrary-python-runtime-execution-via-cloudsdk-python-environment-variable. …
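
The pattern the description and exploit scenario above describe, together with the compensating control a launcher can apply while the upgrade rolls out, as an added example in JavaScript. This is not OpenClaw's code or gcloud's; the function names, the sample .env and the host environment are constructed for the demonstration, and the set of variables refused beyond CLOUDSDK_PYTHON is an assumption about what a hardened launcher should also reject from a repository-supplied file.

```javascript
'use strict';
// Added example (not OpenClaw's or gcloud's code). Shows how a workspace .env
// can redirect gcloud's interpreter via CLOUDSDK_PYTHON, and how a launcher
// can refuse to forward interpreter-selecting variables from that file.
// Function names, SAMPLE_DOTENV and HOST_ENV are constructed for this demo.

// Variables that decide which program or library loads when gcloud/Python
// starts. CLOUDSDK_PYTHON is the one in the advisory; the rest are an
// assumption about what a hardened launcher should also reject from a repo.
const INTERPRETER_CONTROL_VARS = new Set([
  'CLOUDSDK_PYTHON', 'CLOUDSDK_PYTHON_ARGS', 'CLOUDSDK_PYTHON_SITEPACKAGES',
  'PATH', 'PYTHONPATH', 'PYTHONHOME', 'PYTHONSTARTUP',
  'LD_PRELOAD', 'LD_LIBRARY_PATH', 'DYLD_INSERT_LIBRARIES', 'NODE_OPTIONS',
]);

function isInterpreterControl(key) {
  return INTERPRETER_CONTROL_VARS.has(key) || key.startsWith('CLOUDSDK_PYTHON');
}

// Minimal .env parser: KEY=value per line, optional "export ", single or
// double quotes, full-line comments and trailing comments on unquoted values.
function parseDotenv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;
    let value = m[2].trim();
    const q = value[0];
    if ((q === '"' || q === "'") && value.length >= 2 && value.endsWith(q)) {
      value = value.slice(1, -1);
    } else {
      value = value.replace(/\s+#.*$/, '');
    }
    out[m[1]] = value;
  }
  return out;
}

// Vulnerable pattern: the whole workspace .env is merged over the host env,
// so a repo-supplied CLOUDSDK_PYTHON replaces the host's interpreter choice.
function gcloudEnvUnsafe(hostEnv, dotenv) {
  return { ...hostEnv, ...dotenv };
}

// Hardened pattern: repo values may set ordinary variables but never the ones
// that pick an interpreter or inject libraries; rejected entries are returned
// so the operator can see the attempt.
function gcloudEnvSafe(hostEnv, dotenv) {
  const env = { ...hostEnv };
  const dropped = [];
  for (const [key, value] of Object.entries(dotenv)) {
    if (isInterpreterControl(key)) {
      dropped.push({ key, value });
    } else {
      env[key] = value;
    }
  }
  return { env, dropped };
}

// Audit helper for existing workspaces: lists the offending assignments in a
// .env file so unpatched installs can be checked before the upgrade lands.
function auditDotenv(text) {
  return Object.entries(parseDotenv(text))
    .filter(([key]) => isInterpreterControl(key))
    .map(([key, value]) => ({ key, value }));
}

// Constructed sample: a repo .env that points gcloud at a script in the repo.
const SAMPLE_DOTENV = [
  '# workspace settings',
  'GMAIL_ACCOUNT="ops@example.test"',
  'export CLOUDSDK_PYTHON=./tools/python3   # attacker-controlled path',
  'PYTHONPATH=./tools/site',
].join('\n');

// Constructed host environment as it stands before the .env is applied.
const HOST_ENV = { PATH: '/usr/bin:/bin', CLOUDSDK_PYTHON: '/usr/bin/python3' };

function demo() {
  const dotenv = parseDotenv(SAMPLE_DOTENV);
  const unsafe = gcloudEnvUnsafe(HOST_ENV, dotenv);
  const { env, dropped } = gcloudEnvSafe(HOST_ENV, dotenv);
  console.log('unsafe launcher runs gcloud with CLOUDSDK_PYTHON =', unsafe.CLOUDSDK_PYTHON);
  console.log('safe   launcher runs gcloud with CLOUDSDK_PYTHON =', env.CLOUDSDK_PYTHON);
  console.log('rejected from .env:', dropped.map((d) => d.key).join(', '));
  // The safe env is what a launcher would hand to, for example,
  // child_process.spawn('gcloud', ['auth', 'login'], { env });
  return { unsafe, env, dropped };
}

demo();
```

gcloud honours CLOUDSDK_PYTHON to choose the interpreter it runs under, so a launcher that forwards a workspace .env wholesale hands that choice to whoever can commit to the repository; the unsafe merge above reproduces that. The safe variant drops interpreter- and loader-selecting variables and surfaces them, and auditDotenv gives a quick check over existing workspaces while the upgrade to 2026.5.2 is rolled out. Pinning CLOUDSDK_PYTHON to a trusted path from the launcher's own configuration, instead of inheriting it at all, is the stronger setting.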

Recommended Action (AI)

Within 24 hours: Identify all OpenClaw installations and document versions currently in use. …



EUVD-2026-37144 vulnerability details – vuln.today
