Description
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable on systems with writable trusted-prefix directories such as /opt/homebrew/bin to execute arbitrary binaries in the OpenClaw process context.
Published: 2026-03-18
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw v2026.2.22 and earlier contain an arbitrary code execution vulnerability in the shell‑env component. Attackers can influence the $SHELL environment variable and, via trusted‑prefix fallback logic, run attacker‑controlled binaries stored in writable trusted‑prefix directories like /opt/homebrew/bin, allowing execution in the OpenClaw process context; based on the description, it is inferred that the fallback mechanism can be exploited to launch arbitrary binaries.

Affected Systems

The affected product is OpenClaw (vendor OpenClaw). Vulnerable releases include 2026.2.22 and any earlier release before 2026.2.23. The specific affected component is shell‑env and the vulnerability is present only when $SHELL is overridden and the trusted‑prefix directory is writable; this detail is inferred from the description.

Risk and Exploitability

The CVSS v3.1 score is 5.8, indicating moderate severity. The EPSS score indicates a very low but non‑zero likelihood of exploitation (<1%), and the vulnerability is not currently listed in the CISA KEV catalog. Attackers would need the ability to set the $SHELL environment variable and write to a trusted‑prefix directory, which is typically achievable by a local user with write access to that directory. Given these prerequisites, exploitation is possible in a local or compromised‑environment scenario, but would not be feasible over a standard network unless the attacker can place files on such a directory remotely; the likely attack vector is local, inferred from the description.

Generated by OpenCVE AI on May 26, 2026 at 16:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor patch (upgrade to OpenClaw version 2026.2.23 or later).
  • If upgrade is not immediately possible, restrict write access to trusted‑prefix directories such as /opt/homebrew/bin to prevent fallback execution.
  • Configure file access controls or security policies (e.g., SELinux or AppArmor) to prevent the OpenClaw process from executing binaries in trusted‑prefix directories.

Generated by OpenCVE AI on May 26, 2026 at 16:02 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-p4wh-cr8m-gm6c OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL
History

Tue, 26 May 2026 13:45:00 +0000

Type Values Removed Values Added
Description OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable on systems with writable trusted-prefix directories such as /opt/homebrew/bin to execute arbitrary binaries in the OpenClaw process context. OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable on systems with writable trusted-prefix directories such as /opt/homebrew/bin to execute arbitrary binaries in the OpenClaw process context.

Wed, 25 Mar 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L'}

 cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}

Wed, 18 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 18 Mar 2026 02:15:00 +0000

Type Values Removed Values Added
Description OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable on systems with writable trusted-prefix directories such as /opt/homebrew/bin to execute arbitrary binaries in the OpenClaw process context.
Title OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-829
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L'}

cvssV4_0

{'score': 5.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-26T11:51:58.294Z

Reserved: 2026-01-06T16:47:17.188Z

Link: CVE-2026-22217

cve-icon Vulnrichment

Updated: 2026-03-18T16:03:00.705Z

cve-icon NVD

Status : Modified

Published: 2026-03-18T02:16:23.003

Modified: 2026-05-26T14:16:28.940

Link: CVE-2026-22217

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-26T16:15:09Z

Weaknesses
  • CWE-829

    Inclusion of Functionality from Untrusted Control Sphere