Description
OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment variables can execute arbitrary shell commands outside the intended allowlisted command body through bash xtrace expansion.
Published: 2026-03-19
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is an environment variable injection in the system.run function of OpenClaw. It allows attackers to bypass the command allowlist restrictions by manipulating the SHELLOPTS and PS4 environment variables, enabling arbitrary shell command execution via bash xtrace expansion. This is a classic OS command injection (CWE-78) and results in remote code execution outside the intended command body.

Affected Systems

The product OpenClaw, from the vendor OpenClaw, is affected. All versions prior to 2026.2.22 contain the flaw. The affected product runs on Node.js, as indicated by its CPE string cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, while the EPSS score is not provided and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires the ability to invoke system.run with request-scoped environment variables. The likely attack vector, based on the description, is an exposed application interface that allows control of those environment variables. Attackers can inject commands that are executed outside the allowlisted command body through bash xtrace, giving them full remote code execution capability.

Generated by OpenCVE AI on March 19, 2026 at 23:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.22 or later.
  • If upgrading is not immediately possible, ensure that system.run can only be invoked by trusted code and that request-scoped environment variables are not user-controlled.
  • Monitor the application for unexpected usage of system.run and for anomalies in environment variable settings.
  • Check the vendor's website or security advisories for further updates and patches.
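As an added example (not OpenClaw's code; helper names are hypothetical), a Node.js filter that a service can apply to request-scoped environment variables before they reach a shell wrapper, implementing the second action above: a key allowlist combined with a denylist of variables that alter bash's own behaviour, including the SHELLOPTS and PS4 pair from the advisory. The base env spread last models pinning operator-controlled values so request input cannot override them.

```javascript
// Added example, not OpenClaw's code. Variables that alter how bash itself
// runs (SHELLOPTS/PS4 from the advisory, plus related ones) are never accepted
// from a request, whatever the operator's allowlist says.
const SHELL_CONTROL_VARS = new Set([
  'SHELLOPTS', 'BASHOPTS', 'PS4', 'BASH_ENV', 'ENV', 'PROMPT_COMMAND', 'IFS',
  'PATH', 'LD_PRELOAD', 'LD_LIBRARY_PATH', 'DYLD_INSERT_LIBRARIES',
]);

// Only keys shaped like ordinary identifiers are considered at all.
const KEY_SHAPE = /^[A-Z_][A-Z0-9_]*$/;

// Filter a caller-supplied env object (hypothetical helper). Returns the
// subset safe to hand to the child plus the dropped keys with reasons, so the
// caller can log each rejection for monitoring.
function filterRequestEnv(requestEnv, allowedKeys) {
  const allowed = new Set(allowedKeys);
  const env = {};
  const rejected = [];
  for (const [key, value] of Object.entries(requestEnv)) {
    let reason = null;
    if (!KEY_SHAPE.test(key)) reason = 'bad-name';
    else if (SHELL_CONTROL_VARS.has(key)) reason = 'shell-control';
    else if (!allowed.has(key)) reason = 'not-allowlisted';
    else if (typeof value !== 'string' || /[\0\r\n]/.test(value)) reason = 'bad-value';
    if (reason) rejected.push({ key, reason });
    else env[key] = value;
  }
  return { env, rejected };
}

// Build the child's env from a fixed base (never process.env wholesale) plus
// the filtered request env. The base is spread last so a request value can
// never override anything the operator pinned.
function buildChildEnv(baseEnv, requestEnv, allowedKeys) {
  const { env, rejected } = filterRequestEnv(requestEnv, allowedKeys);
  return { env: { ...env, ...baseEnv }, rejected };
}

// Constructed sample request: one legitimate variable beside the two
// shell-control variables named in the advisory and one key never allowlisted.
const sampleRequestEnv = { JOB_ID: '42', SHELLOPTS: 'xtrace', PS4: 'x', HOME: '/tmp' };
const sampleResult = buildChildEnv({ PATH: '/usr/bin:/bin' }, sampleRequestEnv, ['JOB_ID']);
console.log(JSON.stringify(sampleResult, null, 2));
```

The `rejected` list is the monitoring hook from the third action: emit it to logs so any request carrying SHELLOPTS or PS4 stands out.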


Advisories

Source: GitHub GHSA
ID: GHSA-2fgq-7j6h-9rm4
Title: OpenClaw has system.run shell-wrapper env injection via SHELLOPTS/PS4 can bypass allowlist intent (RCE)
History

Sat, 21 Mar 2026 05:30:00 +0000

Values removed: none
Values added:
  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 19 Mar 2026 22:15:00 +0000

Values removed: none
Values added:
  Description: OpenClaw versions prior to 2026.2.22 contain an environment variable injection vulnerability in the system.run function that allows attackers to bypass command allowlist restrictions via SHELLOPTS and PS4 environment variables. An attacker who can invoke system.run with request-scoped environment variables can execute arbitrary shell commands outside the intended allowlisted command body through bash xtrace expansion.
  Title: OpenClaw < 2026.2.22 - Remote Code Execution via SHELLOPTS/PS4 Environment Injection in system.run
  First Time appeared: Openclaw (vendor), Openclaw openclaw (product)
  Weaknesses: CWE-78
  CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  Vendors & Products: Openclaw, Openclaw openclaw
  References:
  Metrics (cvssV3_1): {'score': 6.6, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H'}
  Metrics (cvssV4_0): {'score': 7.5, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-21T03:23:11.364Z

Reserved: 2026-03-10T19:48:13.664Z

Link: CVE-2026-32003

Vulnrichment

Updated: 2026-03-21T03:23:07.219Z

NVD

Status: Analyzed

Published: 2026-03-19T22:16:32.527

Modified: 2026-03-23T18:57:22.013

Link: CVE-2026-32003

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-20T11:05:40Z

Weaknesses