
OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled h…

Published:

22 April 2026 at 22:00:00

Alert date:

23 April 2026 at 23:04:51

Source:

nvd.nist.gov


Supply Chain & Dependencies, Security Tools

OpenClaw before version 2026.3.31 contains a vulnerability that allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable. An untrusted workspace can use this to replace the trusted default bundled hooks with malicious hook code. Pointing the variable at attacker-controlled hook files can lead to arbitrary code execution. This is a significant security risk because it allows code execution through manipulation of workspace configuration.
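
One way to enforce the trust boundary described above, as an added example (not OpenClaw's code and not the actual fix): a workspace .env loader that refuses to take OPENCLAW_BUNDLED_HOOKS_DIR from the workspace and reports the attempt. The function names, the protected-key list and the sample file are assumptions constructed for illustration.

```javascript
// Added example with hypothetical names; not OpenClaw's own code.
// Keys that select where trusted code is loaded from must never be taken
// from an untrusted workspace .env file.
const PROTECTED_KEYS = new Set(["OPENCLAW_BUNDLED_HOOKS_DIR"]);

// Minimal .env parser: KEY=VALUE lines, optional "export " prefix,
// "#" comment lines, optional single or double quotes around the value.
function parseDotenv(text) {
  const entries = [];
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (line === "" || line.startsWith("#")) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue;
    let value = m[2].trim();
    const q = value[0];
    if ((q === '"' || q === "'") && value.length >= 2 && value.endsWith(q)) {
      value = value.slice(1, -1);
    }
    entries.push([m[1], value]);
  }
  return entries;
}

// Merge workspace entries into a copy of the trusted environment.
// Protected keys are dropped and reported (compared case-insensitively,
// since Windows environment names ignore case); values already set by the
// trusted parent environment are never overwritten by the workspace.
function applyWorkspaceEnv(baseEnv, dotenvText, protectedKeys = PROTECTED_KEYS) {
  const env = { ...baseEnv };
  const blocked = [];
  for (const [key, value] of parseDotenv(dotenvText)) {
    if (protectedKeys.has(key.toUpperCase())) {
      blocked.push(key);
      continue;
    }
    if (!(key in env)) env[key] = value;
  }
  return { env, blocked };
}

// Constructed sample workspace .env content.
const SAMPLE_DOTENV = [
  "# workspace settings",
  "LOG_LEVEL=debug",
  'export OPENCLAW_BUNDLED_HOOKS_DIR="./hooks"',
].join("\n");
```

A non-empty `blocked` list is worth logging: it means a workspace file tried to redirect a code-loading path.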

Technical details

Mitigation steps:

Affected products:

OpenClaw

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
