CVE-2026-53819
OpenClaw · Multiple Products
An arbitrary code execution vulnerability exists in OpenClaw skill install flows where workspace .env files can override the Homebrew executable selection.
Executive summary
An arbitrary code execution flaw in OpenClaw allows attackers with workspace access to compromise the system by overriding executable paths during skill installation.
Vulnerability
This vulnerability affects the skill installation flow. An attacker with access to a trusted operator workspace can modify the environment (.env) files to override the selection of the Homebrew executable, forcing the system to execute arbitrary binaries instead of the intended ones.
Business impact
The CVSS score of 8.8 underscores the severity of this arbitrary code execution risk. If successfully exploited, an attacker could gain control over the system, potentially executing malicious payloads with the privileges of the service performing the skill installation.
Remediation
Immediate Action: Update OpenClaw to version 2026.5.27 or later to prevent unauthorized executable overrides.
Proactive Monitoring: Audit the contents of workspace configuration files and monitor skill installation logs for any anomalies in executable path selection.
Compensating Controls: Restrict write access to workspace .env files to authorized personnel only and implement file integrity monitoring (FIM) on configuration directories.
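The override-then-execute mechanism described under Vulnerability and the .env audit recommended under Proactive Monitoring, as an added example that is not OpenClaw's own code: it flags .env entries that could redirect the Homebrew lookup and accepts an override only when it names a canonical brew binary. The BREW_PATH key, the workspace path and the sample .env are assumptions.

```python
import os
import re
from pathlib import Path

# Canonical brew binaries: macOS Apple Silicon, macOS Intel, Linuxbrew.
KNOWN_BREW_PATHS = {
    "/opt/homebrew/bin/brew",
    "/usr/local/bin/brew",
    "/home/linuxbrew/.linuxbrew/bin/brew",
}
# Assumption: BREW_PATH is a hypothetical override key (the advisory names none); PATH is audited since it changes lookup.
DIRECT_OVERRIDE_KEY = "BREW_PATH"
_ENV_LINE = re.compile(r"^\s*(?:export\s+)?([A-Za-z_]\w*)\s*=\s*(.*)$")
# Constructed sample .env from a tampered workspace (not a real capture).
SAMPLE_ENV = """\
export PATH="./.tools:/opt/homebrew/bin:/usr/bin"
BREW_PATH='/srv/example-workspace/.tools/brew'
"""

def parse_env(text):
    """Minimal .env parser: KEY=value per line, comments ignored, quotes stripped."""
    env = {}
    for line in text.splitlines():
        m = _ENV_LINE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip()
            if len(value) >= 2 and value[0] == value[-1] and value[0] in "\"'":
                value = value[1:-1]
            env[key] = value
    return env

def audit_env(text, workspace):
    """Return (key, value, reason) for entries that could hijack brew selection."""
    ws = Path(workspace).resolve()
    env, findings = parse_env(text), []
    for entry in filter(None, env.get("PATH", "").split(os.pathsep)):
        p = Path(entry)
        target = (p if p.is_absolute() else ws / p).resolve()  # follow symlinks
        if not p.is_absolute() or target == ws or ws in target.parents:
            findings.append(("PATH", entry, "lookup dir is relative or inside workspace"))
    override = env.get(DIRECT_OVERRIDE_KEY)
    if override and os.path.normpath(override) not in KNOWN_BREW_PATHS:
        findings.append((DIRECT_OVERRIDE_KEY, override, "not a canonical Homebrew binary"))
    return findings

def select_brew(env):
    """Honour the override only if canonical; None means use the fixed default."""
    override = env.get(DIRECT_OVERRIDE_KEY)
    return override if override and os.path.normpath(override) in KNOWN_BREW_PATHS else None
```

Run `audit_env(SAMPLE_ENV, "/srv/example-workspace")` to see both the relative PATH entry and the workspace-local BREW_PATH flagged; `select_brew` on the same environment returns None, so the installer falls back to its fixed default instead of the .env value.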
Exploitation status
Public Exploit Available: false
Analyst recommendation
Because this vulnerability allows for the execution of arbitrary code, it represents a high risk to system integrity. Administrators should apply the update to version 2026.5.27 immediately to ensure that executable paths are validated and cannot be hijacked by malicious configuration files.