OpenClaw CLI Vulnerability Allows Code Execution via Environment Variable Injection
The National Vulnerability Database has disclosed CVE-2026-41384, a high-severity vulnerability affecting OpenClaw before version 2026.3.24. The flaw, rated CVSS 7.8 (High), is an environment variable injection in the CLI backend runner. Attackers can exploit it by crafting malicious workspace configurations.
The vulnerability lets an attacker inject arbitrary environment variables into backend processes spawned by the CLI. According to the National Vulnerability Database, this can lead to remote code execution or exposure of sensitive data. The attack vector is local and requires user interaction (UI:R), but the impact on confidentiality, integrity, and availability is high.
While specific affected products are not detailed by the National Vulnerability Database, any organization leveraging OpenClaw in a multi-user or shared environment should prioritize patching. The ease of exploitation combined with the potential for full system compromise makes this a critical update. Defenders must assume attacker access to workspace configurations if they are not tightly controlled.
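One way a runner can keep workspace-supplied variables out of a backend process's environment, shown beside the unsafe merge it replaces. This is an added example, not OpenClaw's code or its patch; the function names, allowlists and sample values are assumptions, because the page does not show the runner or the workspace configuration schema.

```javascript
// Hypothetical names throughout: not OpenClaw's runner or config schema.

// Variables that change how a child process loads code or finds binaries.
// Redundant with the allowlist below, kept as a second check in case the
// allowlist is ever widened by mistake.
const LOADER_VARS = /^(LD_.*|DYLD_.*|NODE_OPTIONS|NODE_PATH|PYTHON.*|BASH_ENV|ENV|PATH|IFS)$/i;

// Keys a workspace may set (assumed policy for this sketch).
const WORKSPACE_ALLOWED = new Set(["APP_LOG_LEVEL", "APP_PROFILE"]);

// Keys the child inherits from the parent; everything else is dropped,
// so parent secrets are not handed to the backend by default.
const INHERITED = ["PATH", "HOME", "LANG", "TMPDIR"];

// Unsafe pattern: workspace values override anything in the parent env.
function unsafeChildEnv(parentEnv, workspaceEnv) {
  return { ...parentEnv, ...workspaceEnv };
}

// Hardened pattern: start from the minimal inherited set, accept only
// allowlisted workspace keys with plain string values, report the rest.
function buildChildEnv(parentEnv, workspaceEnv) {
  const env = {};
  const rejected = [];
  for (const key of INHERITED) {
    if (typeof parentEnv[key] === "string") env[key] = parentEnv[key];
  }
  for (const [key, value] of Object.entries(workspaceEnv ?? {})) {
    const ok =
      WORKSPACE_ALLOWED.has(key) &&
      !LOADER_VARS.test(key) &&
      typeof value === "string" &&
      !value.includes("\0");
    if (ok) env[key] = value;
    else rejected.push(key); // log these: a rejected key is worth an alert
  }
  return { env, rejected };
}

// Constructed sample input, not taken from a real workspace file.
const sampleParent = { PATH: "/usr/bin:/bin", HOME: "/home/dev", API_TOKEN: "parent-secret" };
const sampleWorkspace = {
  APP_LOG_LEVEL: "debug",
  NODE_OPTIONS: "<workspace-supplied>",
  PATH: "<workspace-supplied>",
};
```

The object returned in `env` is what would be passed as the `env` option when spawning the backend, in place of the merged parent environment.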
What This Means For You
- If your organization uses OpenClaw, immediately prioritize patching to version 2026.3.24 or later. This isn't just a theoretical vulnerability; it's a direct path to code execution and data exfiltration if an attacker can manipulate workspace configurations. Review who has privileges to modify these configurations and enforce strict access controls. Assume any unpatched instance is vulnerable to internal or supply chain compromise.
🛡️ Detection Rules
CVE-2026-41384 - OpenClaw CLI Environment Variable Injection
```yaml
title: CVE-2026-41384 - OpenClaw CLI Environment Variable Injection
id: scw-2026-04-28-ai-1
status: experimental
level: high
description: |
  Detects the use of the 'OPENCLAW_RUNNER_ARGS' environment variable, which is exploited in CVE-2026-41384 to inject malicious environment variables into the OpenClaw CLI backend runner, leading to code execution. This rule specifically targets the OpenClaw binary and the known injection vector.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-41384/
tags:
  - attack.execution
  - attack.t1574.002
logsource:
  category: process_creation
detection:
  selection:
    Image|contains:
      - 'openclaw'
    # CommandLine holds the process arguments, not its environment block,
    # so this matches only when the variable name appears on the command line.
    CommandLine|contains:
      - 'OPENCLAW_RUNNER_ARGS'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-41384 | RCE | OpenClaw before 2026.3.24 |
| CVE-2026-41384 | Information Disclosure | OpenClaw before 2026.3.24 |
| CVE-2026-41384 | Code Injection | environment variable injection in the CLI backend runner |
| CVE-2026-41384 | Misconfiguration | malicious workspace configuration |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 28, 2026 at 22:37 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.