Description
OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script `scripts/update-clawtributors.ts`. The issue affects contributors/maintainers (or CI) who run `bun scripts/update-clawtributors.ts` in a source checkout that contains a malicious commit author email (e.g. crafted `@users[.]noreply[.]github[.]com` values). Normal CLI usage is not affected (`npm i -g openclaw`): this script is not part of the shipped CLI and is not executed during routine operation. The script derived a GitHub login from `git log` author metadata and interpolated it into a shell command (via `execSync`). A malicious commit record could inject shell metacharacters and execute arbitrary commands when the script is run. Version 2026.2.14 contains a patch.
Published: 2026-02-19
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary Command Execution
Action: Immediate Patch
AI Analysis

Impact

The maintainer/dev script scripts/update-clawtributors.ts in OpenClaw contains a command injection flaw. It constructs a shell command by embedding a GitHub login derived from git log author metadata into a call to execSync. A crafted commit author email can inject shell metacharacters, allowing an attacker to execute arbitrary commands during the update process. This flaw is limited to the script; normal CLI operation via npm is unaffected.

Affected Systems

Affected versions are 2026.1.8 through 2026.2.13 of OpenClaw, released under the openclaw:openclaw package. The weakness specifically impacts contributors and maintainers who run the update script locally, and continuous integration (CI) jobs that execute the script on source checkouts containing malicious commit metadata. The flaw was fixed in version 2026.2.14, which patches the string interpolation.

Risk and Exploitability

With a CVSS score of 8.6, the vulnerability is considered high severity. EPSS is below 1%, indicating a low likelihood of exploitation in the wild, and it is not listed in the CISA KEV catalog. The attack vector is likely local or privileged: the flaw requires an attacker to land a malicious commit in the repository and a maintainer or CI job to then run the updater script on that checkout. If executed, arbitrary commands run with the privileges of the user invoking the script.

Generated by OpenCVE AI on April 17, 2026 at 17:48 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.2.14 or later to apply the patch that fixes the command injection.
  • Do not run the update script on untrusted repositories; verify author metadata or restrict script execution to trusted code bases.
  • If the script must run in CI, isolate the runner, enforce least privileges, and audit commit metadata for suspicious email patterns before execution.



Advisories
Source: GitHub GHSA
ID: GHSA-m7x8-2w3w-pr42
Title: OpenClaw has a command injection in maintainer clawtributors updater
History

Fri, 20 Feb 2026 19:15:00 +0000

Type | Values Removed | Values Added
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Metrics cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Fri, 20 Feb 2026 16:15:00 +0000

Type | Values Removed | Values Added
Metrics ssvc: {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 20 Feb 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared: Openclaw, Openclaw openclaw
Vendors & Products: Openclaw, Openclaw openclaw

Thu, 19 Feb 2026 23:00:00 +0000

Type | Values Removed | Values Added
Description OpenClaw is a personal AI assistant. Versions 2026.1.8 through 2026.2.13 have a command injection in the maintainer/dev script `scripts/update-clawtributors.ts`. The issue affects contributors/maintainers (or CI) who run `bun scripts/update-clawtributors.ts` in a source checkout that contains a malicious commit author email (e.g. crafted `@users[.]noreply[.]github[.]com` values). Normal CLI usage is not affected (`npm i -g openclaw`): this script is not part of the shipped CLI and is not executed during routine operation. The script derived a GitHub login from `git log` author metadata and interpolated it into a shell command (via `execSync`). A malicious commit record could inject shell metacharacters and execute arbitrary commands when the script is run. Version 2026.2.14 contains a patch.
Title OpenClaw has a command injection in maintainer clawtributors updater
Weaknesses CWE-78
References
Metrics cvssV4_0: {'score': 8.6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-02-20T15:40:16.815Z

Reserved: 2026-02-13T16:27:51.808Z

Link: CVE-2026-26323

Vulnrichment

Updated: 2026-02-20T15:31:57.356Z

NVD

Status: Analyzed

Published: 2026-02-19T23:16:25.500

Modified: 2026-02-20T19:06:15.470

Link: CVE-2026-26323

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-17T18:00:12Z

Weaknesses