CVE-2026-44995

OpenClaw · OpenClaw

OpenClaw is vulnerable to arbitrary code execution via insecure handling of environment variables, allowing attackers to leverage functionality from an untrusted control sphere.

Executive summary

A vulnerability in OpenClaw allows for arbitrary code execution, posing a high risk of total system compromise to affected environments.

Vulnerability

This vulnerability (CWE-829) arises from the inclusion of functionality from an untrusted control sphere. An authenticated local attacker with low privileges can leverage this flaw to achieve arbitrary code execution.

Business impact

The CVSS score of 7.3 reflects a high severity due to the potential for total impact on confidentiality, integrity, and availability of the affected system. Successful exploitation could allow an attacker to execute arbitrary commands, potentially leading to a complete takeover of the host or unauthorized access to sensitive application data.

Remediation

Immediate Action: Update the OpenClaw package to version 2026.4.20 or later.

Proactive Monitoring: Audit environment variables and system logs for unexpected process execution or modifications to application configuration files.

Compensating Controls: Implement strict file system permissions and restrict user access to the environment where OpenClaw is running to mitigate the risk of local exploitation.

Exploitation status

Public Exploit Available: No (Exploit available: unknown)

Analyst recommendation

Given the potential for arbitrary code execution, organizations should prioritize upgrading to version 2026.4.20 immediately. Although local access is required, the severity of the potential impact warrants an expedited patch cycle to prevent unauthorized system control.