{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/environment-variable-override/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-41336"}],"_cs_exploited":false,"_cs_products":["OpenClaw"],"_cs_severities":["high"],"_cs_tags":["cve","code-execution","environment-variable-override"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eOpenClaw versions prior to 2026.3.31 are susceptible to an arbitrary code execution vulnerability, tracked as CVE-2026-41336. This flaw stems from the application\u0026rsquo;s insecure handling of environment variables. Specifically, the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, which dictates the directory from which OpenClaw loads bundled hooks, can be overridden by a workspace-specific .env file. This allows a malicious actor to craft a .env file within an untrusted workspace that points to a directory containing attacker-controlled hook code. Upon loading the workspace, OpenClaw will execute the malicious code, effectively granting the attacker arbitrary code execution within the application\u0026rsquo;s context. This vulnerability poses a significant risk to systems utilizing OpenClaw, as it can lead to complete system compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker creates a malicious hook code file (e.g., \u003ccode\u003eevil_hook.py\u003c/code\u003e) containing arbitrary code to be executed.\u003c/li\u003e\n\u003cli\u003eThe attacker creates a directory (e.g., \u003ccode\u003e/tmp/evil_hooks\u003c/code\u003e) and places the malicious hook code file within it.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a \u003ccode\u003e.env\u003c/code\u003e file containing the line \u003ccode\u003eOPENCLAW_BUNDLED_HOOKS_DIR=/tmp/evil_hooks\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe attacker places the malicious \u003ccode\u003e.env\u003c/code\u003e file into a workspace that a victim user is likely to open within OpenClaw.\u003c/li\u003e\n\u003cli\u003eThe victim user opens the workspace within OpenClaw.\u003c/li\u003e\n\u003cli\u003eOpenClaw reads the \u003ccode\u003e.env\u003c/code\u003e file and overrides the default \u003ccode\u003eOPENCLAW_BUNDLED_HOOKS_DIR\u003c/code\u003e with the attacker-controlled path \u003ccode\u003e/tmp/evil_hooks\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eOpenClaw loads and executes the malicious hook code from \u003ccode\u003eevil_hook.py\u003c/code\u003e, granting the attacker arbitrary code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker gains control of the OpenClaw process and potentially the underlying system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-41336 allows an attacker to execute arbitrary code within the context of the OpenClaw application. This could lead to the complete compromise of the affected system, including data theft, modification, or destruction. Given the nature of the vulnerability, any system running a vulnerable version of OpenClaw is at risk if it processes untrusted workspaces. The CVSS v3.1 base score of 7.8 reflects the high potential impact of this vulnerability.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.3.31 or later to patch CVE-2026-41336.\u003c/li\u003e\n\u003cli\u003eImplement strict workspace validation to prevent the loading of malicious \u003ccode\u003e.env\u003c/code\u003e files.\u003c/li\u003e\n\u003cli\u003eMonitor process creations originating from the OpenClaw process for suspicious activity using the \u003ccode\u003eOpenClaw Suspicious Process Creation\u003c/code\u003e Sigma rule.\u003c/li\u003e\n\u003cli\u003eDeploy the \u003ccode\u003eOpenClaw Environment Variable Override\u003c/code\u003e Sigma rule to detect attempts to override the OPENCLAW_BUNDLED_HOOKS_DIR variable.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-24T12:00:00Z","date_published":"2026-04-24T12:00:00Z","id":"/briefs/2026-04-openclaw-env-override/","summary":"OpenClaw before 2026.3.31 allows attackers to execute arbitrary code by overriding the OPENCLAW_BUNDLED_HOOKS_DIR environment variable using a workspace .env file, enabling the loading of attacker-controlled hook code.","title":"OpenClaw Arbitrary Code Execution via Environment Variable Override (CVE-2026-41336)","url":"https://feed.craftedsignal.io/briefs/2026-04-openclaw-env-override/"},{"_cs_actors":[],"_cs_cves":[{"cvss":7.8,"id":"CVE-2026-41396"}],"_cs_exploited":false,"_cs_products":["OpenClaw"],"_cs_severities":["high"],"_cs_tags":["cve-2026-41396","environment-variable-override","plugin-injection"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw, a yet-to-be-defined application, is susceptible to a plugin trust verification bypass. Prior to version 2026.3.31, the application permits workspace-specific \u003ccode\u003e.env\u003c/code\u003e files to redefine the \u003ccode\u003eOPENCLAW_BUNDLED_PLUGINS_DIR\u003c/code\u003e environment variable. This vulnerability enables an attacker who has control over the workspace configuration to inject malicious plugins. By manipulating the directory from which OpenClaw loads bundled plugins, an attacker can circumvent the intended trust mechanisms, leading to the execution of untrusted code within the application\u0026rsquo;s context. This could lead to code execution, data exfiltration, or other malicious activities, depending on the injected plugin\u0026rsquo;s capabilities.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains access to the OpenClaw workspace configuration files. This could be achieved through compromised credentials or other means of unauthorized access.\u003c/li\u003e\n\u003cli\u003eAttacker creates or modifies a \u003ccode\u003e.env\u003c/code\u003e file within the workspace.\u003c/li\u003e\n\u003cli\u003eThe \u003ccode\u003e.env\u003c/code\u003e file is populated with a malicious definition of the \u003ccode\u003eOPENCLAW_BUNDLED_PLUGINS_DIR\u003c/code\u003e variable, pointing to a directory under the attacker\u0026rsquo;s control.\u003c/li\u003e\n\u003cli\u003eAttacker places a malicious plugin in the directory specified in the modified \u003ccode\u003eOPENCLAW_BUNDLED_PLUGINS_DIR\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eOpenClaw application is launched or reloaded, parsing the \u003ccode\u003e.env\u003c/code\u003e file and setting the \u003ccode\u003eOPENCLAW_BUNDLED_PLUGINS_DIR\u003c/code\u003e environment variable accordingly.\u003c/li\u003e\n\u003cli\u003eOpenClaw attempts to load plugins from the directory specified by the attacker-controlled \u003ccode\u003eOPENCLAW_BUNDLED_PLUGINS_DIR\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eThe malicious plugin is loaded and executed by OpenClaw, granting the attacker code execution within the application\u0026rsquo;s environment.\u003c/li\u003e\n\u003cli\u003eThe attacker can now perform malicious actions such as data exfiltration or further compromise of the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability could lead to complete compromise of the OpenClaw application and potentially the underlying system. An attacker could inject malicious plugins to steal sensitive data, modify application behavior, or establish persistence for future attacks. The severity of the impact depends on the permissions granted to the OpenClaw process and the capabilities of the injected plugin. The number of affected users or organizations is currently unknown.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade OpenClaw to version 2026.3.31 or later to remediate the vulnerability (CVE-2026-41396).\u003c/li\u003e\n\u003cli\u003eMonitor file creation and modification events for \u003ccode\u003e.env\u003c/code\u003e files within OpenClaw workspaces. Deploy the Sigma rule \u003ccode\u003eDetect Suspicious .env File Modification in OpenClaw Workspace\u003c/code\u003e to detect malicious modifications.\u003c/li\u003e\n\u003cli\u003eImplement strict access controls for OpenClaw workspace configuration files to prevent unauthorized modification.\u003c/li\u003e\n\u003cli\u003eConsider restricting the ability of the OpenClaw application to load plugins from arbitrary directories.\u003c/li\u003e\n\u003cli\u003eImplement the file integrity monitoring (FIM) of plugin directories.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2024-01-03T12:00:00Z","date_published":"2024-01-03T12:00:00Z","id":"/briefs/2024-01-openclaw-env-override/","summary":"OpenClaw before 2026.3.31 allows attackers with control over workspace configuration to inject malicious plugins by overriding the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable through workspace .env files, compromising plugin trust verification.","title":"OpenClaw Plugin Trust Verification Bypass via Environment Variable Override","url":"https://feed.craftedsignal.io/briefs/2024-01-openclaw-env-override/"}],"language":"en","title":"CraftedSignal Threat Feed — Environment-Variable-Override","version":"https://jsonfeed.org/version/1.1"}