CVE-2026-22177

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE_OPTIONS or LD_* through configuration to execute arbitrary code in the OpenClaw gateway service runtime context.
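As an added example (not OpenClaw's code and not the referenced patch), the filter below shows the mitigation this class of bug calls for: rejecting process-control variable names from a config-supplied env.vars map before they can reach the gateway process environment. The NODE_OPTIONS name and the LD_ prefix come from the description above; the DYLD_ prefix (the macOS loader analogue), the fail-closed variant and the sample values are assumptions added here.

```javascript
// Added example, not OpenClaw's code: drop process-control variables from a
// config-supplied env.vars map before they can influence the gateway process.
// NODE_OPTIONS and the LD_ prefix are named in the advisory; DYLD_ (macOS
// dynamic loader) is an assumption added here as the equivalent control.
const BLOCKED_NAMES = new Set(["NODE_OPTIONS"]);
const BLOCKED_PREFIXES = ["LD_", "DYLD_"];

// Normalise before matching: Windows treats names case-insensitively, and a
// lowercase "node_options" must not slip past an exact-match check.
function isBlockedEnvVar(name) {
  const upper = String(name).trim().toUpperCase();
  if (BLOCKED_NAMES.has(upper)) return true;
  return BLOCKED_PREFIXES.some((prefix) => upper.startsWith(prefix));
}

// Permissive mode: strip blocked names and return both lists so the caller
// can log what was removed (a rejected name in a config change merits an alert).
function filterEnvVars(envVars) {
  const allowed = {};
  const rejected = [];
  for (const [name, value] of Object.entries(envVars ?? {})) {
    if (isBlockedEnvVar(name)) {
      rejected.push(name);
    } else {
      allowed[name] = String(value);
    }
  }
  return { allowed, rejected };
}

// Fail-closed mode: refuse to start at all if the config carries a blocked name.
function assertSafeEnvVars(envVars) {
  const { allowed, rejected } = filterEnvVars(envVars);
  if (rejected.length > 0) {
    throw new Error(`env.vars contains blocked variables: ${rejected.join(", ")}`);
  }
  return allowed;
}

// Constructed sample in the env.vars shape the advisory describes; the values
// are placeholders, not real payloads, and the variable names are hypothetical.
const sampleEnvVars = {
  OPENCLAW_LOG_LEVEL: "debug",          // benign setting, passes through
  node_options: "<constructed value>",  // lowercase variant, still blocked
  LD_PRELOAD: "<constructed value>",    // loader control, blocked by prefix
  OLD_THING: "1",                       // contains "LD_" but is not a prefix match
};

const result = filterEnvVars(sampleEnvVars);
console.log("rejected:", result.rejected, "allowed:", Object.keys(result.allowed));
```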
Configurations

Configuration 1

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

History

19 Mar 2026, 16:07

Type | Values Removed | Values Added
First Time | | Openclaw openclaw; Openclaw
CPE | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
References | https://github.com/openclaw/openclaw/commit/2cdbadee1f8fcaa93302d7debbfc529e19868ea4 | https://github.com/openclaw/openclaw/commit/2cdbadee1f8fcaa93302d7debbfc529e19868ea4 (Patch)
References | https://github.com/openclaw/openclaw/security/advisories/GHSA-8fmp-37rc-p5g7 | https://github.com/openclaw/openclaw/security/advisories/GHSA-8fmp-37rc-p5g7 (Vendor Advisory)
References | https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-config-env-vars | https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-config-env-vars (Third Party Advisory)

18 Mar 2026, 14:52

Type | Values Removed | Values Added
Summary | | (es) OpenClaw versions prior to 2026.2.21 do not filter dangerous process-control environment variables from the configuration environment variables, which allows code execution at startup time. Attackers can inject variables such as NODE_OPTIONS or LD_* through the configuration to execute arbitrary code in the runtime context of the OpenClaw gateway service.

18 Mar 2026, 02:16

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2026-03-18 02:16

Updated : 2026-03-19 16:07


NVD link : CVE-2026-22177

Mitre link : CVE-2026-22177

CVE.ORG link : CVE-2026-22177


Products Affected

openclaw

  • openclaw
CWE
CWE-15

External Control of System or Configuration Setting