CVE-2026-29610

Severity: High (CVSS 4.0 base score 7.7) · EPSS 36.9%
Published Mar 5, 2026 · Modified Jun 17, 2026

Description

OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution surfaces or those running OpenClaw in attacker-controlled directories can place malicious executables in PATH to override allowlisted safe-bin commands and achieve arbitrary command execution.

CVSS Details

Base Score: 7.7 (CVSS 4.0)
Vector string: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: X

Threat Intelligence

EPSS Exploit Probability: 36.9% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses

CWE-427 (Uncontrolled Search Path Element)

Affected Products

Vendor    Product   Version   Range
openclaw  openclaw  *         <2026.2.14

References

  • github.com https://github.com/openclaw/openclaw/commit/013e8f6b3be3333a229a066eef26a45fec47ffcc
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-jqpq-mgvm-f9r6
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-command-hijacking-via-unsafe-path-handling
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/013e8f6b3be3333a229a066eef26a45fec47ffcc
    Patch