CVE-2026-24763
Unknown Unknown - Not Provided
Command Injection in OpenClaw Docker Sandbox via PATH Variable

Publication date: 2026-02-02

Last updated on: 2026-02-13

Assigner: GitHub, Inc.

Description
OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-02
Last Modified
2026-02-13
Generated
2026-06-10
AI Q&A
2026-02-03
EPSS Evaluated
2026-06-08
NVD
CVE-2026-24763
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.1.29 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Update OpenClaw to version 2026.1.29 or later, as this version contains the fix for the command injection vulnerability in the Docker sandbox execution mechanism. Additionally, restrict authenticated user access to environment variable controls to prevent exploitation.

Executive Summary

This vulnerability is a command injection flaw in OpenClaw's Docker sandbox execution mechanism. It occurs because the software unsafely handles the PATH environment variable when constructing shell commands. An authenticated user who can control environment variables could manipulate command execution within the container, potentially running arbitrary commands.

Impact Analysis

This vulnerability can allow an authenticated user to execute arbitrary commands within the Docker container running OpenClaw. This can lead to full compromise of the container environment, including unauthorized access, data modification, or disruption of service.

Compliance Impact

[{'type': 'paragraph', 'content': "The vulnerability in OpenClaw's Docker sandbox execution mechanism allows an authenticated user to execute arbitrary commands inside the container by manipulating the PATH environment variable. This can lead to unauthorized access to the container's filesystem and environment variables, potentially exposing sensitive data."}, {'type': 'paragraph', 'content': 'Such unauthorized access and potential data exposure could negatively impact compliance with data protection standards and regulations like GDPR and HIPAA, which require strict controls over the confidentiality and integrity of sensitive personal and health information.'}, {'type': 'paragraph', 'content': 'By enabling command injection and possible data exposure, this vulnerability increases the risk of data breaches and unauthorized data manipulation, which are critical compliance concerns under these regulations.'}, {'type': 'paragraph', 'content': 'The fix implemented in version 2026.1.29 mitigates this risk by safely handling the PATH environment variable to prevent command injection, thereby helping to maintain compliance with such standards by protecting data confidentiality and integrity.'}] [2, 3]

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves unsafe handling of the PATH environment variable in OpenClaw's Docker sandbox execution mechanism, allowing command injection by an authenticated user controlling environment variables."}, {'type': 'paragraph', 'content': 'To detect if your system is vulnerable, you should check the version of OpenClaw installed and whether it is prior to the fixed version 2026.1.29.'}, {'type': 'paragraph', 'content': 'Additionally, you can inspect Docker container execution commands or environment variable settings related to PATH to see if unsafe interpolation is occurring.'}, {'type': 'paragraph', 'content': 'Since the vulnerability is related to environment variable injection in Docker commands, you can look for suspicious environment variable manipulations or shell commands that include direct PATH interpolation.'}, {'type': 'paragraph', 'content': 'No explicit detection commands are provided in the resources, but general approaches include:'}, {'type': 'list_item', 'content': 'Check OpenClaw version: `openclaw --version` or check package version in your environment to confirm if it is older than 2026.1.29.'}, {'type': 'list_item', 'content': 'Review Docker container environment variables for PATH manipulation: `docker inspect <container_id> | grep PATH`.'}, {'type': 'list_item', 'content': 'Audit running processes or scripts that invoke Docker with environment variables, looking for direct PATH interpolation in shell commands.'}, {'type': 'list_item', 'content': 'Monitor logs or command executions for unexpected or injected commands that could indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'For a more precise detection, you may need to review your OpenClaw deployment and source code or configuration to ensure it uses the fixed method of passing PATH via the CLAWDBOT_PREPEND_PATH environment variable instead of direct shell interpolation.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24763. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart