Skip to main content

OpenClaw EUVDEUVD-2026-37148

| CVE-2026-53846 HIGH
Untrusted Search Path (CWE-426)
7.0
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
7.0 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.3 MEDIUM

Local workspace access plus a victim-run install (AV:L, UI:R); AC:H for the attack-requirement of a writable workspace and present package-manager target; PR:N since the attacker needs no OpenClaw auth; high C/I, no availability impact.

3.1 AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
4.0 AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Patch available
Jun 16, 2026 - 20:02 EUVD
Analysis Generated
Jun 16, 2026 - 18:55 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.4.29.

DescriptionCVE.org

OpenClaw before 2026.4.29 contains a path traversal vulnerability in the install helper that allows workspace .env files to override the npm_execpath configuration used for bundled runtime dependency installation. Attackers with workspace access can execute unintended local package-manager executables during dependency setup to compromise the build environment.

AnalysisAI

Untrusted search path in OpenClaw versions prior to 2026.4.29 lets workspace-local .env files override the npm_execpath variable consulted by the install helper, redirecting bundled dependency installation to an attacker-controlled package-manager binary. An attacker who can place files in the workspace can hijack the runtime dependency setup step to compromise the build environment under the developer's identity, with no public exploit identified at time of analysis.

Technical ContextAI

OpenClaw is a JavaScript/Node-based project that uses an install helper to fetch bundled runtime dependencies via the package manager indicated by the npm_execpath environment variable (a standard npm/Yarn convention pointing to the package-manager executable invoked for child scripts). Per CWE-426 (Untrusted Search Path), the helper resolves the executable path from environment input read out of project-local .env files, so a malicious value placed in a workspace .env can point npm_execpath at any binary on the local filesystem. Combined with path traversal in how the helper loads .env, this lets a relative path escape the expected workspace directory and reach an arbitrary executable, which the helper then runs as the package-installation tool. The single affected CPE, cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*, covers all OpenClaw versions before 2026.4.29.

RemediationAI

Vendor-released patch: upgrade OpenClaw to 2026.4.29 or later, which is the fixed release identified in GHSA-24vr-rprv-67rf (https://github.com/openclaw/openclaw/security/advisories/GHSA-24vr-rprv-67rf) and the VulnCheck advisory (https://www.vulncheck.com/advisories/openclaw-arbitrary-package-manager-execution-via-workspace-env-npm-execpath). Until the upgrade is applied, do not run OpenClaw install/setup steps against untrusted workspaces or repositories, delete or audit any unexpected .env files at the workspace root before invoking dependency installation, and explicitly unset or pin npm_execpath in the shell environment used to run installs so a workspace .env cannot override the resolved package-manager path (side effect: build scripts that rely on the calling package manager being auto-detected may need an explicit --npm/--yarn flag). For CI, restrict who can push .env files and run installs inside ephemeral, isolated runners so a hijacked package-manager binary cannot persist or reach long-lived secrets.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

EUVD-2026-37148 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy