OpenClaw Incomplete Host Environment Variable Sanitization Vulnerability (CVE-2026-41387)
OpenClaw before 2026.3.22 is vulnerable to incomplete host environment variable sanitization, allowing attackers to redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content.
OpenClaw versions prior to 2026.3.22 contain a vulnerability caused by incomplete sanitization of host environment variables. The flaw, located in host-env-security-policy.json and host-env-security.ts, allows package manager environment settings to be overridden. An attacker can use this to redirect approved execution requests, manipulating package resolution or the runtime bootstrap so that these processes contact attacker-controlled infrastructure. This enables the execution of trojanized content, potentially leading to supply chain attacks or arbitrary code execution within the affected environment. The vulnerability is identified as CVE-2026-41387.
Attack Chain
- Attacker identifies an OpenClaw instance running a version prior to 2026.3.22.
- Attacker crafts malicious environment variables designed to override the package manager’s default settings.
- The attacker triggers an approved execution request within the OpenClaw environment.
- Due to the incomplete sanitization, the attacker-controlled environment variables are used by the package manager.
- The package manager is redirected to the attacker’s infrastructure for package resolution or runtime bootstrap.
- The attacker’s infrastructure serves trojanized content disguised as legitimate packages or runtime components.
- OpenClaw executes the trojanized content, granting the attacker initial access to the system.
Impact
Successful exploitation of CVE-2026-41387 can lead to the execution of arbitrary code within the OpenClaw environment. This can result in compromised systems, data breaches, or supply chain attacks. Due to the nature of package management redirection, the impact could extend beyond the initial target, affecting other systems relying on the compromised OpenClaw instance. The vulnerability has a CVSS v3.1 score of 7.8, indicating a high severity.
Recommendation
- Upgrade OpenClaw to version 2026.3.22 or later to remediate the vulnerability described in CVE-2026-41387.
- Implement stricter input validation on environment variables used by OpenClaw, focusing on package manager settings, to prevent redirection attacks.
- Monitor network traffic for connections to unusual or untrusted domains during package resolution or runtime bootstrap, as this may indicate an attempted redirection attack.
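The stricter validation recommended above, as an added TypeScript example that is not OpenClaw's own host-env-security.ts code: a weak exact-match filter beside a hardened case-insensitive, prefix-aware one applied to the environment passed to a child process. The blocked names and prefixes are illustrative assumptions, not the project's actual policy, and the sample environment is constructed.

```typescript
// Added example, not OpenClaw's code. The names below are assumptions about
// which variables can redirect package resolution or runtime bootstrap.
const BLOCKED_EXACT = new Set([
  "NODE_OPTIONS",        // can inject loader flags into every node process
  "NPM_CONFIG_REGISTRY", // npm/pnpm registry override
  "PIP_INDEX_URL",
  "PIP_EXTRA_INDEX_URL",
  "COREPACK_NPM_REGISTRY",
  "PYTHONPATH",
]);

// Families of settings: any npm_config_*, yarn_*, etc. can alter resolution.
const BLOCKED_PREFIXES = ["NPM_CONFIG_", "YARN_", "BUN_CONFIG_", "PNPM_", "PIP_", "COREPACK_"];

interface SanitizeResult {
  env: Record<string, string>;
  dropped: string[];
}

// Weak check: exact, case-sensitive names only. npm reads its config
// variables case-insensitively, so "npm_config_registry" slips through.
function isBlockedWeak(name: string): boolean {
  return BLOCKED_EXACT.has(name);
}

// Hardened check: normalize case, then match exact names and prefixes.
function isBlockedStrict(name: string): boolean {
  const upper = name.toUpperCase();
  if (BLOCKED_EXACT.has(upper)) return true;
  return BLOCKED_PREFIXES.some((p) => upper.startsWith(p));
}

// Build the child-process environment, recording what was removed so the
// drop can be logged as a detection signal.
function sanitizeEnv(
  env: Record<string, string>,
  isBlocked: (name: string) => boolean = isBlockedStrict,
): SanitizeResult {
  const out: Record<string, string> = {};
  const dropped: string[] = [];
  for (const [k, v] of Object.entries(env)) {
    if (isBlocked(k)) dropped.push(k);
    else out[k] = v;
  }
  return { env: out, dropped };
}

// Constructed sample environment, not a real capture.
const SAMPLE_ENV: Record<string, string> = {
  PATH: "/usr/bin",
  HOME: "/home/agent",
  npm_config_registry: "http://registry.example.invalid/",
  PIP_EXTRA_INDEX_URL: "http://index.example.invalid/simple",
};
```

Logging the `dropped` list from each sanitized launch gives the "override attempt" signal that the detection rule below looks for.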
Detection coverage (2 rules)
Detect Package Manager Redirection via Environment Variables
Severity: high. Detects attempts to override package manager settings using environment variables, potentially indicating an exploit of CVE-2026-41387.
Suspicious Network Connection During Package Installation
Severity: medium. Detects network connections to unusual domains during package installation processes, which may indicate package redirection.