Description
OpenClaw version 2026.2.22 prior to 2026.2.23 contains an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable on systems with writable trusted-prefix directories such as /opt/homebrew/bin to execute arbitrary binaries in the OpenClaw process context.
Published: 2026-03-18
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Binary Execution
Action: Immediate Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.2.23 contain an arbitrary binary execution vulnerability in the shell-env component. The flaw stems from the trusted‑prefix fallback logic used when interpreting the $SHELL environment variable. An attacker who can influence $SHELL and write to a directory that OpenClaw treats as a trusted prefix (e.g., /opt/homebrew/bin) can place an attacker‑controlled binary there and cause OpenClaw to execute it. The impact is the ability to run arbitrary code with the privileges of the OpenClaw process.

Affected Systems

The affected product is OpenClaw (vendor OpenClaw). Vulnerable releases include 2026.2.22 and any earlier release before 2026.2.23. The specific affected component is shell‑env and the vulnerability is present only when $SHELL is overridden and the trusted‑prefix directory is writable.

Risk and Exploitability

The CVSS v3.1 score is 5.8, indicating moderate severity. No EPSS score is available, and the vulnerability is not currently listed in the CISA KEV catalog. Attackers would need the ability to set the $SHELL environment variable and write to a trusted‑prefix directory, which is typically achievable by a local user with write access to that directory. Given these prerequisites, exploitation is possible in a local or compromised‑environment scenario, but would not be feasible over a standard network unless the attacker can place files on such a directory remotely.

Generated by OpenCVE AI on March 18, 2026 at 03:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply vendor patch (upgrade to OpenClaw version 2026.2.23 or later).
  • If upgrade is not immediately possible, restrict write access to trusted‑prefix directories such as /opt/homebrew/bin to prevent fallback execution.

Generated by OpenCVE AI on March 18, 2026 at 03:21 UTC.

Advisories
Source: GitHub GHSA
ID: GHSA-p4wh-cr8m-gm6c
Title: OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL
History

Wed, 25 Mar 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L'}
Values Added: cvssV3_1 {'score': 6.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}


Wed, 18 Mar 2026 16:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 18 Mar 2026 02:15:00 +0000

Type: Description
Values Added: OpenClaw version 2026.2.22 prior to 2026.2.23 contain an arbitrary code execution vulnerability in shell-env that allows attackers to execute attacker-controlled binaries by exploiting trusted-prefix fallback logic for the $SHELL variable. An attacker can influence the $SHELL environment variable on systems with writable trusted-prefix directories such as /opt/homebrew/bin to execute arbitrary binaries in the OpenClaw process context.

Type: Title
Values Added: OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variable Trusted Prefix Fallback

Type: First Time appeared
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Added: CWE-829

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Added: Openclaw; Openclaw openclaw

Type: References
Values Added: (none listed)

Type: Metrics
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L'}; cvssV4_0 {'score': 5.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-25T14:33:28.280Z

Reserved: 2026-01-06T16:47:17.188Z

Link: CVE-2026-22217

Vulnrichment

Updated: 2026-03-18T16:03:00.705Z

NVD

Status : Modified

Published: 2026-03-18T02:16:23.003

Modified: 2026-03-25T15:16:37.207

Link: CVE-2026-22217

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-24T10:53:37Z

Weaknesses