Impact
Versions of OpenClaw prior to 2026.3.31 fail to enforce restrictions on compiler binary environment variables in the host-execution security policy. Because the policy is incomplete, untrusted models can set or override CC, CXX, CARGO_BUILD_RUSTC, and CMAKE_C_COMPILER, resulting in arbitrary compiler binary substitution. The issue maps to CWE-427 and lets an attacker replace legitimate system binaries with malicious executables, thereby achieving code execution during build processes. Specifically, an attacker who has obtained approved host-execution permissions can execute arbitrary code as part of the model build workflow. The impact therefore includes confidentiality compromise, integrity violation of build artifacts, and potential persistence on the host through malicious binaries.
Affected Systems
The affected vendor is OpenClaw, product OpenClaw, versions older than 2026.3.31. No additional product details are available beyond this version range.
Risk and Exploitability
The CVSS score of 5.8 indicates moderate severity. The EPSS score is not available, so the current exploitation likelihood is unknown. OpenClaw is not listed in CISA KEV, implying no confirmed exploit in the wild as of this assessment. The attack requires the attacker to already have host-execution approval; once that precondition is satisfied, they can override compiler binaries and execute arbitrary code during the build. The likely attack vector is an authorized model build for which the host-policy permissions are established, making remediation critical for any environment that processes untrusted or partially trusted models.
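The policy gap described under Impact can be shown as an environment-override check run before a host command is spawned. This is an added example, not OpenClaw source code: the function names, the DENY_BEFORE entries and the sample request are assumptions constructed for illustration, and only the four compiler variable names come from the advisory.

```javascript
// Added example: hypothetical policy check, not OpenClaw source code.
// Constructed "before" denylist; these two entries are assumptions.
const DENY_BEFORE = ["LD_PRELOAD", "NODE_OPTIONS"];
// The four compiler-selecting variables named in the advisory.
const COMPILER_SELECTORS = ["CC", "CXX", "CARGO_BUILD_RUSTC", "CMAKE_C_COMPILER"];
const DENY_AFTER = [...DENY_BEFORE, ...COMPILER_SELECTORS];

// Split a requested override into allowed and blocked entries.
// Names are compared case-insensitively because Windows treats
// environment variable names that way.
function checkEnvOverride(requested, denylist) {
  const denied = new Set(denylist.map((n) => n.toUpperCase()));
  const allowed = {};
  const blocked = [];
  for (const [name, value] of Object.entries(requested)) {
    if (denied.has(name.toUpperCase())) blocked.push(name);
    else allowed[name] = value;
  }
  return { allowed, blocked: blocked.sort() };
}

// Fail closed: any blocked name rejects the whole request, so a
// requested value can never shadow the host's own compiler setting.
function buildChildEnv(baseEnv, requested, denylist) {
  const { allowed, blocked } = checkEnvOverride(requested, denylist);
  if (blocked.length > 0) {
    throw new Error("env override rejected: " + blocked.join(", "));
  }
  return { ...baseEnv, ...allowed };
}

// Constructed sample data (paths are placeholders).
const BASE_ENV = { PATH: "/usr/bin:/bin", CC: "/usr/bin/cc" };
const SAMPLE_REQUEST = {
  CC: "/tmp/work/cc-wrapper",
  cmake_c_compiler: "/tmp/work/cc-wrapper",
  RUST_LOG: "info",
};

// Incomplete policy: the override passes and CC is replaced.
const before = buildChildEnv(BASE_ENV, SAMPLE_REQUEST, DENY_BEFORE);
console.log("before:", before.CC);
// Completed policy: the same request is reported as blocked.
console.log("after:", checkEnvOverride(SAMPLE_REQUEST, DENY_AFTER).blocked);
```

A denylist only covers the names someone thought to add; an allowlist of variables a build is permitted to set is the stricter design where the workflow allows it.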