Skip to main content

OpenClaw EUVDEUVD-2026-37160

| CVE-2026-53858 HIGH
Untrusted Search Path (CWE-426)
7.0
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
7.0 HIGH
CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
6.6 MEDIUM

Local workspace-trust flaw: attacker needs ability to write a .env in the victim's workspace (PR:L) and the victim must open it (UI:R); resulting code execution yields high C/I but no availability impact.

3.1 AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
4.0 AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Patch available
Jun 16, 2026 - 20:02 EUVD
Analysis Generated
Jun 16, 2026 - 18:51 vuln.today

Blast Radius

ecosystem impact
† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth
  • 2 npm packages depend on openclaw (2 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.5.2.

DescriptionCVE.org

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable to load runtime dependencies from unintended local paths, potentially executing malicious code during dependency resolution.

AnalysisAI

Untrusted search path in OpenClaw before 2026.5.2 allows local attackers who can influence a workspace .env file to redirect bundled runtime dependency loading to attacker-controlled paths, resulting in arbitrary code execution during dependency resolution. The STATE_DIRECTORY environment variable is not validated before being used to anchor runtime dependency roots, so a poisoned workspace can execute code in the context of a user who opens it. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Technical ContextAI

OpenClaw is an open-source workspace/runtime tool that resolves bundled runtime dependencies relative to a state directory configured via the STATE_DIRECTORY environment variable, which can be supplied by a project's workspace .env file. The flaw maps to CWE-426 (Untrusted Search Path): because the runtime trusts a value loaded from in-workspace configuration, an attacker who controls that .env can point dependency lookup at arbitrary local paths containing malicious modules. The single CPE cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:* indicates the upstream OpenClaw application itself across all versions prior to 2026.5.2 is in scope, with no separate vendor distribution split.

RemediationAI

Vendor-released patch: upgrade OpenClaw to 2026.5.2 or later, which constrains how STATE_DIRECTORY is resolved for bundled runtime dependencies, per the GHSA at https://github.com/openclaw/openclaw/security/advisories/GHSA-wc84-j36w-pw4x. Until the upgrade can be applied, treat workspace .env files as untrusted input: do not open OpenClaw workspaces obtained from third parties, strip or override STATE_DIRECTORY from .env loading (accepting that projects relying on a custom state directory will break), and run OpenClaw under a least-privileged user account so any code executed during dependency resolution is contained. On shared developer or CI hosts, consider blocking write access to repository .env files from unprivileged automation and reviewing recently modified .env files for unexpected STATE_DIRECTORY entries; the trade-off is added friction for legitimate per-project configuration overrides.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

EUVD-2026-37160 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy