CVE-2026-53858
Analyzed Analyzed - Analysis Complete

Environment Variable Injection in OpenClaw

Vulnerability report for CVE-2026-53858, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-16

Last updated on: 2026-06-18

Assigner: VulnCheck

Description

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability where workspace .env STATE_DIRECTORY could influence bundled runtime dependency roots. Attackers can manipulate the STATE_DIRECTORY variable to load runtime dependencies from unintended local paths, potentially executing malicious code during dependency resolution.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-16
Last Modified
2026-06-18
Generated
2026-07-07
AI Q&A
2026-06-16
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.5.2 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-426 The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

Detection of this vulnerability involves checking for the presence and contents of the workspace .env file that sets the STATE_DIRECTORY environment variable before runtime dependency resolution in OpenClaw versions prior to 2026.5.2.

You can inspect the environment variable STATE_DIRECTORY in your system or workspace environment to see if it points to unexpected or untrusted local paths that could be exploited.

Suggested commands to detect potential exploitation or presence of the vulnerability include:

  • On Unix/Linux systems, check the environment variable STATE_DIRECTORY: `echo $STATE_DIRECTORY`
  • Search for .env files in your workspace directories that might set STATE_DIRECTORY: `grep -r STATE_DIRECTORY /path/to/workspace`
  • Check running processes or scripts for environment variable injection or unusual paths related to STATE_DIRECTORY.

Additionally, ensure your OpenClaw version is updated to 2026.5.2 or later to mitigate this vulnerability.

Executive Summary

CVE-2026-53858 is a vulnerability in OpenClaw versions before 2026.5.2 where the workspace .env file can manipulate the STATE_DIRECTORY environment variable. This variable influences the roots of bundled runtime dependencies.

Attackers can exploit this by changing the STATE_DIRECTORY to load runtime dependencies from unintended local paths. This can cause malicious code to be executed during the dependency resolution process.

The vulnerability arises from an untrusted search path issue, meaning that the software may load code from locations that are not properly verified or trusted.

Impact Analysis

If exploited, this vulnerability can lead to the execution of malicious code on your system during the runtime dependency loading phase.

The impact depends on your configuration and whether untrusted input can influence the STATE_DIRECTORY path. If an attacker can control this, they might load harmful dependencies from local paths.

This could compromise the integrity and security of your OpenClaw environment, potentially allowing unauthorized actions or code execution.

Mitigation Strategies

To mitigate the CVE-2026-53858 vulnerability in OpenClaw, you should upgrade to version 2026.5.2 or later, where the issue is patched.

Avoid opening untrusted workspace .env files before dependency installation to prevent manipulation of the STATE_DIRECTORY environment variable.

Disable the feature that allows the STATE_DIRECTORY environment variable to influence runtime dependency roots if it is not necessary in your environment.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53858. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart