PT-2026-25501 · Npm · Openclaw
Published
2026-03-03
·
Updated
2026-03-03
CVSS v3.1
7.5
High
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
Summary
system.run environment sanitization allowed shell-startup env overrides (HOME, ZDOTDIR) that can execute attacker-controlled startup files before allowlist-evaluated command bodies.Affected Packages / Versions
- Package:
openclaw(npm) - Affected:
<= 2026.2.21-2(latest published vulnerable version) - Planned patched version:
>= 2026.2.22
Technical Details
In affected versions:
- Env sanitization blocked many dangerous keys, but not startup-sensitive override keys (
HOME,ZDOTDIR) in host exec env paths. - Shell-wrapper analysis for allowlist mode models command bodies, but not shell startup side effects.
- Runtime execution used sanitized env, so attacker-provided startup-key overrides could run hidden startup payloads first.
Observed exploit vectors:
HOME+bash -lc+ malicious.bash profileZDOTDIR+zsh -c+ malicious.zshenv
Fix Commit(s)
c2c7114ed39a547ab6276e1e933029b9530ee906
Release Process Note
patched versions is pre-set to the planned next release (>= 2026.2.22). After the npm release is published, this advisory can be published directly.OpenClaw thanks @tdjackey for reporting.
Fix
OS Command Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openclaw