OpenClaw Arbitrary Shell Execution Vulnerability via Unvalidated SHELL Environment Variable
Vulnerability
OpenClaw versions prior to 2026.2.22 allow arbitrary shell execution. The shell environment fallback mechanism trusts the SHELL path taken from the host environment without validating it. An attacker with local environment access can set SHELL to the path of a malicious executable, which OpenClaw then invokes as its shell, executing arbitrary commands with the privileges of the OpenClaw process.
Impact
Successful exploitation yields arbitrary command execution in the context of the OpenClaw process: the attacker's code runs with whatever privileges, credentials and filesystem access that process has.
Reproduction
Set the SHELL environment variable to the path of an attacker-controlled executable before launching OpenClaw. When the shell environment fallback is reached, OpenClaw uses the injected value as its shell, so the attacker's executable runs in place of the real shell and executes whatever the attacker placed in it.
Remediation
Update to OpenClaw version 2026.2.22 or later, where this vulnerability has been patched. Until the update is applied, avoid launching OpenClaw from environments whose variables an untrusted local user can influence.
