OpenClaw Shell Environment Variable Injection Vulnerability Bypasses Command Allowlist
Vulnerability
A remote code execution vulnerability exists in OpenClaw versions prior to 2026.2.22. The issue arises because the application fails to properly sanitize shell startup environment variables HOME and ZDOTDIR within the system.run function. This oversight allows remote attackers to inject malicious startup files, such as .bash_profile or .zshenv, which can execute arbitrary code before the allowlist-evaluated commands are run.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system, executed in the context of the user running OpenClaw.
Reproduction
To reproduce this vulnerability, set the HOME or ZDOTDIR environment variable to a path containing a malicious startup file, such as .bash_profile or .zshenv. Then, use the system.run function to execute a command. The injected startup file will be processed before the command is executed, bypassing any command allowlist protections.
Remediation
Update to OpenClaw version 2026.2.22 or later, where this vulnerability has been patched.
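The advisory's core point is that an allowlist on the command text is not enough when a caller can also steer which shell startup files get sourced. The following is an added illustration of the defensive side, written here and not taken from OpenClaw or its patch: a hardened runner that rejects caller-supplied startup-file variables, launches the shell with rc processing disabled, and only then applies a (constructed) allowlist.

```javascript
// Added example, not OpenClaw's code. The allowlist and variable names
// below are constructed for illustration.

// Variables that tell bash/zsh/sh where to find startup files. A caller who
// controls any of these can run code before the allowlisted command starts.
const STARTUP_FILE_VARS = new Set([
  "HOME",      // ~/.bash_profile, ~/.zshenv, ... are resolved via HOME
  "ZDOTDIR",   // zsh reads $ZDOTDIR/.zshenv instead of $HOME/.zshenv
  "ENV",       // sh/ksh source the file named in ENV at startup
  "BASH_ENV",  // non-interactive bash sources the file named in BASH_ENV
]);

// Merge caller overrides into a trusted base environment, dropping any key
// that would redirect startup files. Rejected names are returned for logging.
function sanitizeEnv(baseEnv, overrides) {
  const env = { ...baseEnv };
  const rejected = [];
  for (const [key, value] of Object.entries(overrides)) {
    if (STARTUP_FILE_VARS.has(key)) {
      rejected.push(key);
      continue;
    }
    env[key] = value;
  }
  return { env, rejected };
}

// Build argv that disables rc/profile processing outright, so even a trusted
// HOME cannot smuggle code in ahead of the command.
function shellArgv(shell, command) {
  if (shell === "bash") return ["bash", "--noprofile", "--norc", "-c", command];
  if (shell === "zsh") return ["zsh", "-f", "-c", command];  // -f sets NO_RCS
  throw new Error(`unsupported shell: ${shell}`);
}

// Constructed allowlist: only the first word of the command is checked here.
const ALLOWED = new Set(["ls", "cat", "git"]);
function isAllowed(command) {
  return ALLOWED.has(command.trim().split(/\s+/)[0]);
}

// Full decision: allowlist, then environment sanitizing, then rc-free argv.
function planRun(shell, command, baseEnv, overrides) {
  if (!isAllowed(command)) return { ok: false, reason: "command not allowlisted" };
  const { env, rejected } = sanitizeEnv(baseEnv, overrides);
  return { ok: true, argv: shellArgv(shell, command), env, rejected };
}
```

Pass the resulting `argv` and `env` to `child_process.spawn` with `shell: false`; the point is that the environment check and the rc-disabling flags are applied regardless of what the allowlist decides.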
