CVE-2026-4039
Received Received - Intake
Remote Code Injection in OpenClaw Skill Env Handler Component

Publication date: 2026-03-12

Last updated on: 2026-03-16

Assigner: VulDB

Description
A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1 is able to resolve this issue. This patch is called 8c9f35cdb51692b650ddf05b259ccdd75cc9a83c. It is recommended to upgrade the affected component.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-12
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-03-12
EPSS Evaluated
2026-06-14
NVD
CVE-2026-4039
EUVD
EUVD-2026-11563
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.21 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-74 The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4039 is a code injection vulnerability in OpenClaw version 2026.2.19-2, specifically in the function applySkillConfigenvOverrides of the Skill Env Handler component.

The vulnerability occurs because the function improperly handles environment variable overrides from skill configurations, copying them directly into the host process environment without adequate sanitization or enforcement of safety policies.

This allows an attacker who can manipulate the local OpenClaw configuration (for example, by editing skill environment variables) to inject and execute arbitrary code remotely by setting dangerous environment variables such as NODE_OPTIONS.

The issue is related to CWE-94 (Improper Control of Generation of Code) and CWE-15 (External Control of System or Configuration Setting).

The vulnerability was fixed by introducing a sanitization mechanism that blocks unsafe environment variable overrides, only allowing explicitly declared sensitive keys, and issuing warnings or blocking suspicious values.

Impact Analysis

This vulnerability can impact you by allowing remote attackers to inject and execute arbitrary code within the OpenClaw environment.

Successful exploitation can compromise the confidentiality, integrity, and availability of the system by altering runtime behavior or child process execution through dangerous environment variables.

An attacker must have the ability to modify the local OpenClaw configuration or skill environment variables, which means trusted operator access is required.

If exploited, this could lead to unauthorized code execution, potentially allowing attackers to control or disrupt the affected system.

Upgrading to OpenClaw version 2026.2.21-beta.1 or applying the relevant patch mitigates this risk by sanitizing environment variable overrides and blocking dangerous keys.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'The vulnerability CVE-2026-4039 affects the OpenClaw application by allowing unsafe environment variable overrides through the function applySkillConfigEnvOverrides. Detection involves checking if the OpenClaw configuration or skill environment overrides contain dangerous environment variables such as NODE_OPTIONS, OPENSSL_CONF, LD_PRELOAD, or DYLD_INSERT_LIBRARIES that could be injected into the process environment.'}, {'type': 'paragraph', 'content': 'Since exploitation requires modification of local OpenClaw configuration files (e.g., ~/.openclaw/openclaw.json), inspecting these files for suspicious or unexpected environment variable overrides is a key detection step.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect potential exploitation or presence of unsafe environment overrides include:'}, {'type': 'list_item', 'content': "Inspect the OpenClaw configuration file for environment overrides: `cat ~/.openclaw/openclaw.json | grep -A 10 'skills.entries'`"}, {'type': 'list_item', 'content': "Search for dangerous environment variables in skill environment overrides: `grep -E 'NODE_OPTIONS|OPENSSL_CONF|LD_PRELOAD|DYLD_INSERT_LIBRARIES' ~/.openclaw/openclaw.json`"}, {'type': 'list_item', 'content': "Check the running process environment variables of OpenClaw for suspicious entries: `ps aux | grep openclaw` followed by `cat /proc/<pid>/environ | tr '\\0' '\\n' | grep -E 'NODE_OPTIONS|OPENSSL_CONF|LD_PRELOAD|DYLD_INSERT_LIBRARIES'`"}, {'type': 'paragraph', 'content': 'No public exploit or automated detection tool is currently available, so manual inspection of configuration and environment variables is recommended.'}] [1, 3, 4]

Mitigation Strategies

The primary and recommended mitigation for CVE-2026-4039 is to upgrade OpenClaw to version 2026.2.21-beta.1 or later, which includes a patch that sanitizes skill environment variable overrides and blocks dangerous environment variables such as NODE_OPTIONS.

If upgrading immediately is not possible, ensure that only trusted operators have write access to the OpenClaw configuration files (e.g., ~/.openclaw/openclaw.json) to prevent unauthorized modification of skill environment overrides.

Additionally, manually audit and remove any unsafe or suspicious environment variable overrides from the configuration files.

Monitor logs and console warnings for blocked or suspicious environment variable overrides, as the patched version issues warnings when such overrides are detected.

Summary of immediate mitigation steps:

  • Upgrade OpenClaw to version 2026.2.21-beta.1 or later.
  • Restrict write access to OpenClaw configuration files to trusted users only.
  • Audit and clean skill environment variable overrides in configuration files.
  • Monitor application logs for warnings related to blocked or suspicious environment variables.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4039. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart