OpenClaw Incomplete Host Environment Sanitization Allows Package Overrides

/HIGH /CVSS 7.8/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvehigh-severitycwe-183
OpenClaw Incomplete Host Environment Sanitization Allows Package Overrides

The National Vulnerability Database (NVD) reports CVE-2026-41387, a high-severity vulnerability in OpenClaw versions prior to 2026.3.22. This flaw stems from incomplete host environment variable sanitization within host-env-security-policy.json and host-env-security.ts, enabling attackers to override package manager environment settings.

This vulnerability presents a critical supply chain risk. Attackers can exploit approved exec requests to redirect package resolution or runtime bootstrap processes to their controlled infrastructure. This effectively allows the execution of trojanized content, bypassing security controls and potentially leading to full system compromise.

Defenders must recognize the severity of this issue. A successful exploit means an attacker can inject malicious code into the software development lifecycle or runtime environment, making it a prime target for sophisticated adversaries looking to establish persistence or exfiltrate data. Patching is paramount.

What This Means For You

  • If your organization utilizes OpenClaw, immediately prioritize patching to version 2026.3.22 or later. This vulnerability allows for critical package manager overrides, meaning an attacker could inject malicious code into your environment through seemingly legitimate execution requests. Audit your build and deployment pipelines for any anomalous `exec` requests or unusual package resolutions.

Related ATT&CK Techniques

T1505.003 Server Software Component: Service Privilege Escalation T1059.004 Command and Scripting Interpreter: Unix Shell Execution T1078.004 Valid Accounts: Service Accounts Persistence

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1505.003 Defense Evasion

OpenClaw Package Manager Override Attempt - CVE-2026-41387

Sigma YAML — free preview 
title: OpenClaw Package Manager Override Attempt - CVE-2026-41387
id: scw-2026-04-28-ai-1
status: experimental
level: critical
description: |
  Detects attempts to override package manager behavior within the OpenClaw environment, indicative of CVE-2026-41387. Attackers exploit incomplete sanitization of host environment variables to redirect package resolution or runtime bootstrap to malicious infrastructure. This rule specifically looks for common package managers being invoked by OpenClaw with suspicious arguments like --registry or --proxy.
author: SCW Feed Engine (AI-generated)
date: 2026-04-28
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-41387/
tags:
  - attack.defense_evasion
  - attack.t1505.003
logsource:
    category: process_creation
detection:
  selection:
      ParentImage|contains:
          - 'openclaw.exe'
      Image|contains:
          - 'npm.exe'
          - 'yarn.exe'
          - 'pip.exe'
          - 'nuget.exe'
      CommandLine|contains:
          - '--registry'
          - '--proxy'
          - '--config-file'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-41387 Code Injection OpenClaw versions prior to 2026.3.22
CVE-2026-41387 Misconfiguration Incomplete host environment variable sanitization in host-env-security-policy.json and host-env-security.ts
CVE-2026-41387 RCE Exploitation of package-manager environment overrides via approved exec requests to redirect package resolution or runtime bootstrap

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedApril 28, 2026 at 22:37 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

Featured

Daily Security Digest — 2026-04-28

80 vulnerability disclosures (20 Critical, 60 High) and 25 curated intelligence stories from 9 sources.

daily-digestvulnerabilityCVEcriticalhigh-severitycommand-injectioncwe-77cwe-78privilege-escalationcwe-269
/SCW Daily Digest /CRITICAL

CVE-2026-42431: OpenClaw Vulnerability Allows Persistent Browser Profile Mutation

CVE-2026-42431 — OpenClaw before 2026.4.8 contains a security bypass vulnerability in node.invoke(browser.proxy) that allows mutation of persistent browser profiles. Attackers can exploit this path to...

vulnerabilityCVEhigh-severitycwe-863
/SCW Vulnerability Desk /HIGH /8.1 /⚑ 3 IOCs /⚙ 2 Sigma

OpenClaw CVE-2026-42426: Improper Authorization Allows Node Pairing Bypass

CVE-2026-42426 — OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged...

vulnerabilityCVEhigh-severitycwe-863
/SCW Vulnerability Desk /HIGH /8.8 /⚑ 1 IOC /⚙ 2 Sigma