https://feed.craftedsignal.io/tags/environment-variable-injection/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioWed, 29 Apr 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-04-openclaw-env-injection/Wed, 29 Apr 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-openclaw-env-injection/OpenClaw before 2026.3.24 is vulnerable to environment variable injection, allowing attackers to inject malicious environment variables through crafted workspace configurations in the CLI backend, leading to potential code execution or sensitive data exposure.OpenClaw, a CLI tool, is vulnerable to environment variable injection (CVE-2026-41384) in versions prior to 2026.3.24. The vulnerability resides in the CLI backend runner and allows attackers to inject malicious environment variables into the backend process. This is achieved by crafting malicious workspace configurations. Successful exploitation can lead to arbitrary code execution within the context of the OpenClaw process or exposure of sensitive information handled by the application. This vulnerability poses a significant risk to systems using affected versions of OpenClaw, potentially allowing attackers to compromise the confidentiality, integrity, and availability of the system.

Attack Chain

1. Attacker crafts a malicious OpenClaw workspace configuration file. This file contains specially crafted environment variables designed to inject malicious code.
2. The attacker gains access to a system where OpenClaw is installed, either through local access or by compromising an account that has access to modify OpenClaw workspace configurations.
3. The attacker modifies the existing OpenClaw workspace configuration or creates a new one with the malicious environment variables.
4. The user or system executes a command using the OpenClaw CLI, triggering the backend runner.
5. The OpenClaw CLI backend runner parses the workspace configuration file, including the attacker-controlled environment variables.
6. The backend runner spawns a new process, inheriting the injected environment variables.
7. The injected environment variables cause the spawned process to execute arbitrary code, potentially downloading and executing malware or modifying system settings.
8. The attacker achieves code execution, enabling them to perform various malicious activities such as data exfiltration, privilege escalation, or denial of service.

Impact

Successful exploitation of this vulnerability (CVE-2026-41384) allows attackers to inject arbitrary environment variables, potentially leading to code execution or sensitive data exposure. Given the nature of CLI tools often used in automated scripting and deployment pipelines, this could lead to widespread compromise across multiple systems. The severity is rated as HIGH with a CVSS v3.1 score of 7.8.

Recommendation

• Upgrade OpenClaw to version 2026.3.24 or later to remediate CVE-2026-41384.
• Implement strict access control policies to limit who can modify OpenClaw workspace configurations to prevent unauthorized injection of malicious environment variables.
• Monitor process creation events for unusual processes spawned by OpenClaw, using the OpenClaw Suspicious Child Processes Sigma rule.
• Implement file integrity monitoring on OpenClaw workspace configuration files to detect unauthorized modifications.

]]>highadvisoryenvironment-variable-injectioncode-executioncve-2026-41384https://feed.craftedsignal.io/briefs/2024-01-23-openclaw-env-injection/Fri, 17 Apr 2026 21:54:20 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-23-openclaw-env-injection/The openclaw package versions prior to 2026.4.10 are vulnerable to environment variable injection, where the exec environment policy missed interpreter startup variables allowing operator-supplied environment overrides to influence downstream execution or network behavior, addressed in versions 2026.4.10 and later.The openclaw package, a tool used within the npm ecosystem, was found to have a vulnerability affecting versions prior to 2026.4.10. This vulnerability stems from an inadequate environment variable denylist in the exec environment policy. Specifically, the policy failed to block high-risk interpreter startup variables such as VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES. This oversight allowed malicious actors to potentially inject arbitrary environment variables, thereby influencing the behavior of downstream execution or network operations. The vulnerability was reported by @feiyang666 of Tencent zhuque Lab. The fix was implemented in version 2026.4.10 and later, with version 2026.4.14 containing the fix as well. This vulnerability allows for potential code execution or network manipulation through environment variables.

Attack Chain

1. An attacker gains control over an environment where the vulnerable openclaw package is utilized.
2. The attacker identifies that the openclaw version is prior to 2026.4.10.
3. The attacker injects a malicious environment variable, such as VIMINIT, EXINIT, LUA_INIT, or HOSTALIASES, into the system’s environment.
4. The openclaw package executes a process that reads and utilizes environment variables without proper sanitization.
5. The injected environment variable overrides the intended behavior of the process. For example, VIMINIT can be used to execute arbitrary vim commands upon startup.
6. This execution leads to arbitrary code execution or modified network behavior, depending on the injected variable. For example, HOSTALIASES can redirect network requests to attacker-controlled servers.
7. The attacker achieves their objective, such as gaining unauthorized access, exfiltrating data, or causing denial of service.
8. The attacker leverages the compromised environment to propagate the attack further.

Impact

The vulnerability allows for arbitrary code execution or network redirection by injecting malicious environment variables. Successful exploitation could lead to unauthorized access to sensitive data, system compromise, or denial-of-service conditions. The specific impact depends on the context in which openclaw is used and the permissions of the user running the affected process. The reported vulnerability has been fixed in openclaw version 2026.4.10 and later.

Recommendation

• Upgrade the openclaw package to version 2026.4.10 or later to remediate the vulnerability, as indicated in the advisory (https://github.com/advisories/GHSA-vfp4-8x56-j7c5).
• Monitor process execution for the presence of environment variables being passed to child processes, focusing on VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES. Implement the Sigma rule below to detect suspicious process execution involving these variables.
• Implement a system-wide policy to restrict the modification of environment variables by non-administrative users.

]]>highadvisorynpmopenclawenvironment-variable-injectionvulnerabilityhttps://feed.craftedsignal.io/briefs/2024-01-09-openclaw-rce/Thu, 09 Apr 2026 14:22:29 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2024-01-09-openclaw-rce/OpenClaw versions prior to 2026.4.8 are vulnerable to remote code execution (RCE) via build tool environment variable injection due to missing denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS, allowing hostile environment variables to influence host exec commands.OpenClaw, a user-controlled local assistant, is vulnerable to a remote code execution (RCE) issue affecting versions prior to 2026.4.8. The vulnerability, identified as GHSA-cm8v-2vh9-cxf3, stems from missing denylist entries for environment variables that influence build tools. Specifically, HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS were not properly sanitized, allowing a malicious actor to inject arbitrary commands into the build process. This can lead to the execution of untrusted code on the host system. The vulnerability was reported by @boy-hack of Tencent zhuque Lab. The fix is available in version 2026.4.8 and commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.

Attack Chain

1. The attacker identifies a vulnerable OpenClaw instance running a version prior to 2026.4.8.
2. The attacker crafts malicious environment variables, such as HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, or MAKEFLAGS, containing shell commands.
3. The attacker triggers a build process within OpenClaw that utilizes the affected environment variables. This could involve providing a specific input or interacting with OpenClaw in a way that initiates a build operation.
4. Due to the missing denylist, OpenClaw does not sanitize the malicious environment variables.
5. The build tool, influenced by the attacker-controlled environment variables, executes the injected shell commands.
6. The injected commands execute with the privileges of the OpenClaw process.
7. The attacker gains arbitrary code execution on the host system.
8. The attacker can now perform actions such as installing malware, exfiltrating data, or compromising other systems.

Impact

Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the system running OpenClaw. This could lead to complete system compromise, including data theft, malware installation, and further lateral movement within the network. Given OpenClaw’s nature as a user-controlled local assistant, the impact is primarily on individual user systems. However, in environments where OpenClaw is deployed more broadly, the vulnerability could be leveraged to compromise multiple machines.

Recommendation

• Upgrade OpenClaw to version 2026.4.8 or later to patch the vulnerability (see “Affected Packages / Versions”).
• Monitor process creation events for unexpected processes spawned by OpenClaw or its build tool subprocesses (see rules below).
• Implement additional input validation and sanitization measures to prevent environment variable injection in other applications.
• Review and harden build processes to limit the influence of environment variables.

]]>highadvisoryrceenvironment-variable-injectionopenclawhttps://feed.craftedsignal.io/briefs/2026-04-openclaw-index-redirect/Thu, 02 Apr 2026 20:57:44 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-openclaw-index-redirect/The openclaw npm package is vulnerable to Python package-index redirection through host execution due to improper sanitization of `PIP_INDEX_URL` and `UV_INDEX_URL`, affecting versions 2026.3.28 and earlier.The openclaw npm package, versions 2026.3.28 and earlier, contains a vulnerability that allows for the redirection of Python package-index traffic. This is due to insufficient sanitization of the PIP_INDEX_URL and UV_INDEX_URL environment variables during host execution. An attacker can potentially exploit this vulnerability to redirect package installation traffic to a malicious index, potentially leading to the installation of compromised packages. The scope of this vulnerability is limited to approved or allowlisted package-management execution paths, mitigating the risk of arbitrary remote execution. Version 2026.3.31 and later contain the fix. The vulnerability was reported by @nexrin.

Attack Chain

1. An attacker identifies a system using a vulnerable version (<=2026.3.28) of the openclaw npm package.
2. The attacker gains access to the system or its environment configuration.
3. The attacker sets either the PIP_INDEX_URL or UV_INDEX_URL environment variable to point to a malicious Python package index server.
4. The system executes a package installation command (e.g., pip install <package>) through openclaw.
5. openclaw, without proper sanitization, uses the attacker-controlled environment variable when resolving package dependencies.
6. The package manager connects to the malicious index server specified in the PIP_INDEX_URL or UV_INDEX_URL variable.
7. The attacker serves malicious or backdoored Python packages through the rogue index.
8. The system installs the malicious packages, potentially compromising the system with arbitrary code execution.

Impact

Successful exploitation of this vulnerability could lead to the installation of malicious Python packages on systems utilizing the vulnerable openclaw version. This could result in arbitrary code execution, data theft, or other malicious activities, depending on the contents of the malicious packages. The scope is somewhat limited since only allowlisted execution paths are affected, which reduces the blast radius.

Recommendation

• Upgrade the openclaw npm package to version 2026.3.31 or later to remediate the vulnerability.
• Monitor process executions involving openclaw and the use of PIP_INDEX_URL or UV_INDEX_URL environment variables. Deploy the Sigma rule Detect OpenClaw Using Suspicious Index URL to detect exploitation attempts.
• Implement strict allowlisting of package management execution paths to further limit the potential impact.
• Enable process creation logging to capture command line arguments and environment variables for the openclaw process.

]]>highadvisoryopenclawnpmpackage-index-redirectionenvironment-variable-injection