OpenClaw CVE-2026-44995: Arbitrary Code Execution via Environment Variable Flaw
The National Vulnerability Database has detailed CVE-2026-44995, a critical improper environment variable validation vulnerability affecting OpenClaw before version 2026.4.20. This flaw resides within the MCP stdio server configuration and enables attackers to execute arbitrary code; it has a CVSS v3.1 score of 7.3 (HIGH).
The vulnerability allows malicious workspace configurations to inject dangerous startup variables, such as NODE_OPTIONS, LD_PRELOAD, or BASH_ENV, into spawned MCP server processes. This effectively facilitates code injection when operators initiate sessions utilizing these compromised servers. The National Vulnerability Database classifies this under CWE-829, indicating an improper neutralization of an environment variable.
What This Means For You
- If your organization uses OpenClaw, you need to immediately identify all instances running versions prior to 2026.4.20. Prioritize patching to version 2026.4.20 or later to mitigate this arbitrary code execution risk. Review your workspace configurations for any unusual environment variable settings, especially those that could pass dangerous startup variables to server processes.
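One way to carry out the configuration review described above, as an added example (not OpenClaw's code or its fix). The `mcpServers`/`env` config shape and all function names are assumptions, and the blocklist extends the three variables the advisory names with other well-known loader and interpreter startup variables.

```javascript
// Added example: audit and filter the env blocks of stdio MCP server entries.
// Assumed config shape (not taken from OpenClaw):
//   { mcpServers: { <name>: { command, args, env } } }

const BLOCKED_NAMES = new Set([
  'NODE_OPTIONS', 'LD_PRELOAD', 'BASH_ENV',      // named in the advisory
  'ENV', 'LD_AUDIT', 'LD_LIBRARY_PATH', 'NODE_PATH',
  'PYTHONSTARTUP', 'PYTHONPATH', 'PERL5OPT', 'RUBYOPT',
]);
const BLOCKED_PREFIXES = ['DYLD_'];              // macOS dynamic loader family

function isStartupVariable(name) {
  // Windows treats variable names case-insensitively, so compare upper-cased.
  const key = String(name).trim().toUpperCase();
  return BLOCKED_NAMES.has(key) || BLOCKED_PREFIXES.some((p) => key.startsWith(p));
}

// Return one finding per blocked variable found in any server's env block.
function auditMcpConfig(config) {
  const findings = [];
  for (const [server, entry] of Object.entries(config?.mcpServers ?? {})) {
    for (const name of Object.keys(entry?.env ?? {})) {
      if (isStartupVariable(name)) findings.push({ server, variable: name });
    }
  }
  return findings;
}

// Build the env handed to the child process: drop blocked names, keep the rest.
function sanitizeEnv(env) {
  return Object.fromEntries(
    Object.entries(env ?? {}).filter(([name]) => !isStartupVariable(name)),
  );
}

// Constructed sample workspace config; every value is a placeholder.
const sampleConfig = {
  mcpServers: {
    docs: { command: 'node', args: ['docs-server.js'], env: { API_BASE: 'https://example.invalid' } },
    build: { command: 'node', args: ['build-server.js'], env: { node_options: 'constructed-value', LOG_LEVEL: 'debug' } },
    shell: { command: 'bash', args: ['run.sh'], env: { BASH_ENV: 'constructed-value', LD_PRELOAD: 'constructed-value' } },
  },
};

console.log(auditMcpConfig(sampleConfig));
```

A blocklist like this is a review aid; allowing only the variables each server is known to need is the stronger control.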
🛡️ Detection Rules
3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK.
CVE-2026-44995: OpenClaw Arbitrary Code Execution via NODE_OPTIONS
```yaml
title: 'CVE-2026-44995: OpenClaw Arbitrary Code Execution via NODE_OPTIONS'
id: scw-2026-05-11-ai-1
status: experimental
level: critical
description: |
  Detects the exploitation of CVE-2026-44995 by identifying processes spawned with the NODE_OPTIONS environment variable set, which can be leveraged by attackers to inject and execute arbitrary code within OpenClaw MCP server processes.
author: SCW Feed Engine (AI-generated)
date: 2026-05-11
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-44995/
tags:
  - attack.execution
  - attack.t1059.004
logsource:
  category: process_creation
detection:
  selection:
    # Matches Windows Node.js processes only (node.exe).
    Image|contains:
      - 'node.exe'
    # Matches only when NODE_OPTIONS appears in the command line text;
    # process_creation events do not record the child's environment block.
    CommandLine|contains:
      - 'NODE_OPTIONS'
  condition: selection
falsepositives:
  - Legitimate administrative activity
```
Source: Shimi's Cyber World
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-44995 | RCE | OpenClaw before 2026.4.20 |
| CVE-2026-44995 | Code Injection | Improper environment variable validation in MCP stdio server configuration |
| CVE-2026-44995 | Code Injection | Malicious workspace configurations passing NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawned MCP server processes |
Source & Attribution
| Field | Value |
|---|---|
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | May 11, 2026 at 21:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.