OpenClaw, Build Tool Environment Variable Injection, CVE-2026-XXXXX (High)

Listen to this Post

How the Mentioned CVE Works

OpenClaw versions before the fix on `2026.4.8` suffer from a build‑tool environment injection vulnerability because several critical environment variables were not included in the exec‑env denylist.
– The affected variables are HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS.
– These variables are commonly used by build tools (Mercurial, Cargo, Make) to redirect execution (e.g., `RUSTC_WRAPPER` can point to a malicious binary).
– When OpenClaw runs a command via the `exec` tool, it normally strips dangerous environment variables.
– Because the above four were missing from the denylist, an attacker who can control the environment of an OpenClaw process can inject arbitrary code that runs during a build or tool invocation.
– For example, setting `RUSTC_WRAPPER=/tmp/malicious.sh` would cause `cargo build` to execute `/tmp/malicious.sh` instead of the real Rust compiler.
– The injected code runs with the same privileges as the OpenClaw process – typically full user privileges on the host system.
– This allows the attacker to execute arbitrary commands, read/write files, install backdoors, or pivot to other systems.
– The vulnerability is considered High severity because it requires only the ability to set environment variables (e.g., via a crafted API request or a malicious skill).
– The fix, included in commit `d7c3210cd6f5fdfdc1beff4c9541673e814354d5` and released in npm version 2026.4.8, adds these four variables to the denylist.
– After the fix, OpenClaw will reject any attempt to pass these variables to a subprocess, preventing the injection.
– Users are strongly advised to upgrade immediately to version `2026.4.8` or later.

DailyCVE Form

Platform: npm
Version: <2026.4.8
Vulnerability : env injection
Severity: High
date: 2026-04-08

Prediction: 2026-04-15

What Undercode Say:

Analytics show that this vulnerability is particularly dangerous because build‑tool environment variables are often overlooked in security reviews. The following bash commands can help assess and mitigate the risk:

Check current OpenClaw version
npm list openclaw
Simulate a malicious environment (before fix)
export RUSTC_WRAPPER=/tmp/evil.sh
openclaw exec "cargo build"
Verify that the denylist now includes these variables (after fix)
grep -E "(HGRCPATH|CARGO_BUILD_RUSTC_WRAPPER|RUSTC_WRAPPER|MAKEFLAGS)" \
/path/to/openclaw/src/infra/host-env-security.ts

How Exploit:

An attacker with the ability to set environment variables for an OpenClaw process (e.g., via a malicious skill, a crafted API call, or a compromised configuration) can inject one of the missing variables. For example:

Attacker-controlled environment
export RUSTC_WRAPPER=/tmp/evil.sh
openclaw exec "cargo build"

When OpenClaw executes cargo build, the Cargo build system will run `/tmp/evil.sh` instead of rustc, executing arbitrary code.

Protection from this CVE

  • Immediately upgrade OpenClaw to version `2026.4.8` or later.
  • If upgrade is not possible, manually denylist the affected variables in your environment before running OpenClaw:
    unset HGRCPATH CARGO_BUILD_RUSTC_WRAPPER RUSTC_WRAPPER MAKEFLAGS
    
  • Restrict who can set environment variables for OpenClaw (e.g., use a dedicated service account, avoid untrusted skills).
  • Monitor logs for unexpected subprocess executions (e.g., `rustc` being replaced by a wrapper).

Impact

  • Remote Code Execution (RCE) with the privileges of the OpenClaw process.
  • Attackers can steal sensitive data, install backdoors, or pivot to other systems.
  • Because OpenClaw often runs with high privileges (to interact with the host), the impact can be full system compromise.
  • This vulnerability affects any OpenClaw installation that executes build commands (e.g., via `exec` or system.run).
  • The fix is backward‑compatible and only adds denylist entries – no configuration changes are required for protection.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top