Perceptive Security
SOC/SIEM Consultancy

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled h…
Published:
22 April 2026 at 22:00:00
Alert date:
23 April 2026 at 23:04:51
Source:
nvd.nist.gov
Supply Chain & Dependencies, Security Tools
OpenClaw before version 2026.3.31 contains a vulnerability that allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable. Because that variable determines where the trusted default bundled hooks are loaded from, an untrusted workspace can replace them with hook files it controls. The result is arbitrary code execution in the context of OpenClaw when the variable is pointed at attacker-controlled hook files. This is a significant risk because code execution is reached purely through workspace configuration, without any change to the installed product itself.
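The pattern behind this advisory is generic: a loader reads a workspace .env file and merges it into the process environment, so a variable that selects where trusted code is loaded from becomes attacker-settable. The following is an added example, not OpenClaw's code and not the referenced fix commit; it contrasts the unconditional-override merge with a hardened merge that refuses protected keys and never lets workspace values shadow variables already set in the process environment, and adds a path-containment check so that even a leaked override cannot point outside the install root. The install layout (<install_root>/hooks), the sample .env content and the process environment are constructed for the example.

```python
import posixpath

# Variables that decide where trusted code is loaded from. A workspace .env must
# never be allowed to set or override these. OPENCLAW_BUNDLED_HOOKS_DIR is the
# variable named in the advisory; the set itself is constructed for this example.
PROTECTED_ENV_KEYS = frozenset({"OPENCLAW_BUNDLED_HOOKS_DIR"})

# Constructed sample: what an untrusted workspace .env might contain.
WORKSPACE_DOTENV = """# sample workspace .env (constructed)
API_TIMEOUT=30
export OPENCLAW_BUNDLED_HOOKS_DIR="/tmp/untrusted/hooks"
PATH=/tmp/untrusted/bin
"""

# Constructed sample: the environment the tool was started with.
PROCESS_ENV = {"PATH": "/usr/bin", "HOME": "/home/user"}


def parse_dotenv(text):
    """Minimal KEY=VALUE parser: skips blanks and comments, accepts an optional
    'export ' prefix and strips one layer of matching quotes."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("export "):
            line = line[len("export "):].strip()
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
            value = value[1:-1]
        result[key] = value
    return result


def merge_workspace_env_unsafe(process_env, workspace_env):
    """The vulnerable pattern: every workspace value wins, protected or not."""
    merged = dict(process_env)
    merged.update(workspace_env)
    return merged


def merge_workspace_env_hardened(process_env, workspace_env):
    """Hardened merge. Returns (merged_env, rejected) where rejected lists each
    (key, reason) the workspace tried to set but was not allowed to."""
    merged = dict(process_env)
    rejected = []
    for key, value in workspace_env.items():
        if key in PROTECTED_ENV_KEYS:
            rejected.append((key, "protected"))
            continue
        if key in process_env:
            # Workspace config may add variables but never shadow existing ones.
            rejected.append((key, "already set"))
            continue
        merged[key] = value
    return merged, rejected


def resolve_bundled_hooks_dir(env, install_root):
    """Second layer of defence: the bundled hooks directory must stay inside the
    install root (hypothetical default layout <install_root>/hooks). Any value
    that escapes the root, including via '..', falls back to the default."""
    root = posixpath.normpath(install_root)
    default = posixpath.join(root, "hooks")
    configured = env.get("OPENCLAW_BUNDLED_HOOKS_DIR")
    if not configured:
        return default
    candidate = posixpath.normpath(posixpath.join(root, configured))
    if posixpath.commonpath([root, candidate]) != root:
        return default
    return candidate


if __name__ == "__main__":
    ws = parse_dotenv(WORKSPACE_DOTENV)
    unsafe = merge_workspace_env_unsafe(PROCESS_ENV, ws)
    hardened, rejected = merge_workspace_env_hardened(PROCESS_ENV, ws)
    print("unsafe hooks dir:  ", resolve_bundled_hooks_dir(unsafe, "/opt/openclaw"))
    print("hardened hooks dir:", resolve_bundled_hooks_dir(hardened, "/opt/openclaw"))
    print("rejected:", rejected)
```

The two checks are independent on purpose: the merge rule stops the override at the configuration boundary, and the containment rule means that even a variable set through some other channel cannot redirect bundled-hook loading to a directory outside the installation. Logging the rejected keys gives the SOC a concrete signal when a workspace attempts to set a protected variable.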
Technical details
Mitigation steps:
Affected products:
OpenClaw
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-41336
https://github.com/openclaw/openclaw/commit/330a9f98cb29c79b1c16a2117e03d6276a0d6289
https://github.com/openclaw/openclaw/security/advisories/GHSA-3qpv-xf3v-mm45
https://www.vulncheck.com/advisories/openclaw-arbitrary-hook-code-execution-via-openclaw-bundled-hooks-dir-environment-variable-override
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
