high advisory

OpenClaw Shell Wrapper Detection Bypass via Environment Variable Injection

OpenClaw versions before 2026.4.12 are vulnerable to environment variable injection, allowing attackers to bypass shell wrapper detection and manipulate execution semantics by modifying shell variables.

OpenClaw versions prior to 2026.4.12 are susceptible to a shell-wrapper detection bypass vulnerability (CVE-2026-42435). This flaw allows attackers to inject arbitrary environment variable assignments at the argv level when OpenClaw processes shell commands. By carefully crafting these injections, attackers can bypass the expected preflight handling and subsequently manipulate high-risk shell variables, such as SHELLOPTS and PS4. This manipulation can lead to significant alterations in execution semantics and the circumvention of intended security controls within the OpenClaw environment. This vulnerability was reported on May 5, 2026, and affects systems running vulnerable versions of OpenClaw.

Attack Chain

  1. An attacker gains initial access to a system where OpenClaw is installed, potentially through exploiting another vulnerability or using compromised credentials.
  2. The attacker identifies a point where OpenClaw executes shell commands with insufficient input sanitization.
  3. The attacker crafts a command that injects environment variable assignments, such as SHELLOPTS='-xe' or PS4='+ ', at the argv level.
  4. OpenClaw’s exec preflight handling fails to properly detect and sanitize the injected environment variables.
  5. The injected variables modify the behavior of subsequently executed shell commands. For instance, setting SHELLOPTS='-xe' enables verbose execution tracing.
  6. If PS4 is manipulated, this can alter the trace prompt, leading to information disclosure or further exploitation during script debugging.
  7. The attacker leverages the modified shell environment to execute malicious code or bypass security restrictions.
  8. The attacker achieves arbitrary code execution or privilege escalation by abusing the altered shell execution environment.

Impact

Successful exploitation of CVE-2026-42435 allows attackers to manipulate the execution environment of shell commands within OpenClaw. This can lead to arbitrary code execution, privilege escalation, and the circumvention of security controls. While the specific number of affected installations is unknown, the impact is significant due to the potential for complete system compromise. Organizations using vulnerable versions of OpenClaw are at risk.

Recommendation

  • Upgrade OpenClaw to version 2026.4.12 or later to patch CVE-2026-42435.
  • Implement input validation and sanitization measures to prevent environment variable injection at the argv level.
  • Deploy the Sigma rule “Detect Suspicious SHELLOPTS Modification” to identify attempts to manipulate the SHELLOPTS environment variable.
  • Deploy the Sigma rule “Detect Suspicious PS4 Modification” to identify attempts to manipulate the PS4 environment variable.
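
The argv-level check from the second recommendation, as an added example; it is not OpenClaw's code or the vendor's fix. The first-word check is a hypothetical stand-in for a wrapper test that an env prefix defeats, and the shell list, env option sets and sample argv are assumptions.

```python
import os
import re

HIGH_RISK_VARS = {"SHELLOPTS", "PS4"}          # the two variables the advisory names
SHELLS = {"sh", "bash", "dash", "ksh", "zsh"}  # assumed list of shell wrappers
ASSIGNMENT = re.compile(r"([A-Za-z_][A-Za-z0-9_]*)=(.*)", re.S)
ENV_FLAGS = {"-", "-i", "--ignore-environment", "-0", "--null", "--"}
ENV_FLAGS_WITH_ARG = {"-u", "--unset", "-C", "--chdir"}
# Constructed sample argv: assignments placed in front of a shell wrapper.
SAMPLE = ["env", "SHELLOPTS=xtrace", "PS4=+ ", "bash", "-c", "echo hi"]


def naive_is_shell_wrapper(argv):
    """Hypothetical weak check: only looks at the first argv word."""
    return bool(argv) and os.path.basename(argv[0]) in SHELLS


def strip_env_prefix(argv):
    """Peel `env` wrappers and leading NAME=VALUE words off argv.
    Raises ValueError on an env option it cannot account for (fail closed)."""
    assignments, i = {}, 0
    while i < len(argv):
        match = ASSIGNMENT.fullmatch(argv[i])
        if match:
            assignments[match.group(1)] = match.group(2)
            i += 1
        elif os.path.basename(argv[i]) == "env":
            i += 1
            while i < len(argv) and argv[i].startswith("-"):
                opt = argv[i]
                if opt in ENV_FLAGS_WITH_ARG:
                    i += 2  # skip the option and its argument
                elif opt in ENV_FLAGS:
                    i += 1
                else:
                    raise ValueError(f"unsupported env option: {opt}")
                if opt == "--":
                    break
        else:
            break
    return assignments, argv[i:]


def preflight(argv):
    """Return (is_shell_wrapper, risky variable names) for an argv list."""
    assignments, command = strip_env_prefix(argv)
    risky = sorted(HIGH_RISK_VARS & assignments.keys())
    return naive_is_shell_wrapper(command), risky
```

On the sample, the first-word check does not see a shell at all, while `preflight(SAMPLE)` reports both the wrapper and the two high-risk assignments.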

Detection coverage (2 rules)

Detect Suspicious SHELLOPTS Modification

Severity: high

Detects attempts to modify the SHELLOPTS environment variable, potentially indicating an exploitation attempt related to CVE-2026-42435.

Format: sigma. Tactics: execution. Techniques: T1059.004. Sources: process_creation, linux.

Detect Suspicious PS4 Modification

Severity: medium

Detects attempts to modify the PS4 environment variable, which could be used to manipulate shell tracing output and potentially bypass security controls.

Format: sigma. Tactics: execution. Techniques: T1059.004. Sources: process_creation, linux.

Detection queries are kept inside the platform.