GHSA-7437-7HG8-FRRW: Remote Code Execution via Build Tool Environment Injection in OpenClaw
Vulnerability ID: GHSA-7437-7HG8-FRRW
CVSS Score: 9.8
Published: 2026-04-09
OpenClaw versions prior to 2026.4.7 are vulnerable to Remote Code Execution (RCE) due to improper neutralization of environment variables during the execution of external build tools. By manipulating variables such as RUSTC_WRAPPER or MAKEFLAGS, an attacker can hijack the execution flow of child processes to run arbitrary commands.
TL;DR
Unauthenticated Remote Code Execution in OpenClaw via environment variable injection into build tools like cargo and make. Fixed in version 2026.4.7-1.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-77, CWE-78, CWE-20
- CVSS Score: 9.8 Critical
- Attack Vector: Network
- Impact: Remote Code Execution
- Exploit Status: Proof of Concept
- Affected Component: src/infra/exec/ environment handling
Affected Systems
- OpenClaw versions < 2026.4.7
- Linux and Unix operating environments running OpenClaw
-
OpenClaw: < 2026.4.7 (Fixed in:
2026.4.7-1)
Mitigation Strategies
- Upgrade OpenClaw to version 2026.4.7-1 or later.
- Implement a shell wrapper to strip untrusted environment variables before application startup.
- Run the OpenClaw service under a dedicated, non-privileged system user.
Remediation Steps:
- Verify the currently installed version of OpenClaw.
- Download and deploy the 2026.4.7-1 update from the official vendor repository.
- Restart the OpenClaw service to apply the updated binary.
- Monitor process execution logs for anomalous shell spawns originating from the OpenClaw service account.
References
Read the full report for GHSA-7437-7HG8-FRRW on our website for more details including interactive diagrams and full exploit analysis.
Top comments (0)