CVE-2026-29610
Command Hijacking in OpenClaw Allows Arbitrary Code Execution
Publication date: 2026-03-05
Last updated on: 2026-03-11
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | to 2026.2.14 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
OpenClaw versions prior to 2026.2.14 have a command hijacking vulnerability. This occurs because attackers can manipulate the PATH environment variables during node-host execution or project-local bootstrapping. By doing so, they can cause the system to execute unintended binaries.
Specifically, attackers who have authenticated access to node-host execution surfaces or who run OpenClaw in directories they control can place malicious executables in the PATH. These malicious executables override allowlisted safe-bin commands, enabling the attacker to execute arbitrary commands.
How can this vulnerability impact me? :
This vulnerability can lead to arbitrary command execution by attackers. If exploited, it allows attackers to run malicious code with the privileges of the OpenClaw process.
Such unauthorized command execution can compromise system integrity, lead to data breaches, disrupt operations, or allow further escalation of privileges within the affected environment.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
I don't know