PT-2026-5722 · Openclaw · Openclaw

Berkdedekarginoglu · Published 2026-02-02 · Updated 2026-03-18 · CVE-2026-24763

CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.1.29

Description: OpenClaw (formerly Clawdbot), a personal AI assistant, had a command injection issue in its Docker sandbox execution mechanism, caused by unsafe handling of the PATH environment variable when building shell commands. An authenticated user who could control environment variables could influence command execution within the container. The issue could lead to execution of unintended commands inside the container, access to the container filesystem and environment variables, exposure of sensitive data, and increased risk in misconfigured or privileged container environments.

Recommendations: Update to version 2026.1.29.

Weakness Enumeration: OS Command Injection

Related Identifiers

BDU:2026-05649
CVE-2026-24763
GHSA-MC68-Q9JW-2H3V

Affected Products

Openclaw