CVE-2026-29610
Received Received - Intake
Command Hijacking in OpenClaw Allows Arbitrary Code Execution

Publication date: 2026-03-05

Last updated on: 2026-03-11

Assigner: VulnCheck

Description
OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution surfaces or those running OpenClaw in attacker-controlled directories can place malicious executables in PATH to override allowlisted safe-bin commands and achieve arbitrary command execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-05
Last Modified
2026-03-11
Generated
2026-06-16
AI Q&A
2026-03-06
EPSS Evaluated
2026-06-15
NVD
CVE-2026-29610
EUVD
EUVD-2026-9934
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.14 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-427 The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

OpenClaw versions prior to 2026.2.14 have a command hijacking vulnerability. This occurs because attackers can manipulate the PATH environment variables during node-host execution or project-local bootstrapping. By doing so, they can cause the system to execute unintended binaries.

Specifically, attackers who have authenticated access to node-host execution surfaces or who run OpenClaw in directories they control can place malicious executables in the PATH. These malicious executables override allowlisted safe-bin commands, enabling the attacker to execute arbitrary commands.

Impact Analysis

This vulnerability can lead to arbitrary command execution by attackers. If exploited, it allows attackers to run malicious code with the privileges of the OpenClaw process.

Such unauthorized command execution can compromise system integrity, lead to data breaches, disrupt operations, or allow further escalation of privileges within the affected environment.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-29610. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart