
OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environme…

Published: 27 April 2026 at 22:00:00

Alert date: 28 April 2026 at 20:08:59

Source: nvd.nist.gov


Security Tools

OpenClaw versions before 2026.3.24 contain a critical environment variable injection vulnerability in the CLI backend runner. Attackers can exploit this flaw by crafting malicious workspace configuration files to inject arbitrary environment variables into the backend process. This vulnerability enables code execution and sensitive data exposure through the workspace configuration mechanism. The vulnerability affects the CLI backend runner component specifically and has been addressed in version 2026.3.24.


Affected products: OpenClaw


This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Disclaimer: This website displays information from external sources. Perceptive accepts no responsibility for the content, accuracy or completeness of this information.
