OpenClaw Environment Variable Injection Vulnerability in system.run Function Allowing Command Execution
Vulnerability
OpenClaw versions prior to 2026.2.22 are affected by an environment variable injection vulnerability in the system.run function. An attacker can bypass command allowlist restrictions through the SHELLOPTS and PS4 environment variables: when system.run is invoked with request-scoped environment variables, setting SHELLOPTS to enable bash's xtrace mode causes bash to expand PS4 (including any command substitution it contains) before each traced command, so arbitrary shell commands run outside the intended allowlisted command body.
Impact
Exploitation of this vulnerability allows for arbitrary command execution on the host system, bypassing application-level command restrictions.
Reproduction
To reproduce this vulnerability, invoke the system.run function while passing request-scoped environment variables that include SHELLOPTS set to 'xtrace' and PS4 set to a command substitution expression (e.g., '$(touch /tmp/pwned)'). This can be done through an OpenClaw application that allows manipulation of the execution environment, such as a Node.js host with the appropriate permissions.
Remediation
Update to OpenClaw version 2026.2.22 or later, where this vulnerability is patched.
