DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-cm8v-2vh9-cxf3: Remote Code Execution via Incomplete Environment Variable Denylist in OpenClaw

Vulnerability ID: GHSA-CM8V-2VH9-CXF3
CVSS Score: 8.8
Published: 2026-04-09

OpenClaw, an open-source AI assistant tool, suffers from a command execution vulnerability due to an incomplete blocklist of environment variables. The failure to filter Git plumbing variables such as GIT_DIR allows attackers to hijack subsequent Git command executions and achieve arbitrary code execution.

TL;DR

An incomplete denylist in OpenClaw's host execution security policy fails to block Git plumbing environment variables like GIT_DIR. Attackers can inject these variables to redirect Git operations to malicious repositories, leading to arbitrary code execution via Git hooks.

⚠️ Exploit Status: POC

Technical Details

  • CWE: CWE-184
  • Attack Vector: Local / Execution Pipeline
  • Impact: Arbitrary Code Execution (RCE)
  • CVSS: 8.8
  • Exploit Status: Confirmed Vector
  • Remediation: Upgrade to 2026.4.8

Affected Systems

  • OpenClaw npm package (< 2026.4.8)
  • openclaw: < 2026.4.8 (Fixed in: 2026.4.8)

Mitigation Strategies

  • Upgrade the openclaw package to version 2026.4.8 or later.
  • Implement a strict allowlist for environment variables rather than relying on a denylist.
  • Run the OpenClaw execution environment within a sandbox or tightly scoped container with limited file system and network privileges.
  • Disable plugins or skills that require executing host commands unless they are strictly needed.
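
As an added example (not OpenClaw's code; the function and variable names are hypothetical), here are the two filtering policies contrasted above in JavaScript: a denylist that only removes the names it happens to know and therefore lets GIT_DIR through, as the advisory describes, and an allowlist that drops GIT_DIR without ever having heard of it:

```javascript
// Added example, not from the OpenClaw project. Names are hypothetical.

// Denylist policy: forward everything the caller requests except a few
// names the author remembered to block. Any name not on the list slips
// through, which is the CWE-184 weakness this advisory describes.
const DENYLIST = new Set(["PATH", "LD_PRELOAD", "NODE_OPTIONS"]); // constructed

function filterEnvDenylist(requested) {
  const out = {};
  for (const [name, value] of Object.entries(requested)) {
    if (!DENYLIST.has(name)) out[name] = value;
  }
  return out;
}

// Allowlist policy: only a fixed set of harmless names may reach the
// child, and each value must be a plain string with no NUL byte.
// GIT_DIR is rejected not because it is listed, but because it is not.
const ALLOWLIST = new Set(["HOME", "LANG", "LC_ALL", "TERM", "TZ"]); // constructed

function filterEnvAllowlist(requested) {
  const env = {};
  const rejected = [];
  for (const [name, value] of Object.entries(requested)) {
    const ok = ALLOWLIST.has(name) && typeof value === "string" && !value.includes("\0");
    if (ok) env[name] = value;
    else rejected.push(name);
  }
  // Pass `env` (not `{ ...process.env, ...requested }`) as the `env`
  // option of child_process.spawn when invoking git or any other tool.
  return { env, rejected };
}

// Constructed input modelled on the advisory: a caller-supplied
// environment that smuggles in GIT_DIR alongside ordinary variables.
const REQUESTED = {
  HOME: "/home/runner",
  TERM: "xterm",
  GIT_DIR: "/tmp/untrusted/.git",
  NODE_OPTIONS: "--inspect",
};

function comparePolicies() {
  const weak = filterEnvDenylist(REQUESTED);
  const strong = filterEnvAllowlist(REQUESTED);
  return {
    denylistLeaksGitDir: "GIT_DIR" in weak,     // true: the hole the advisory describes
    allowlistLeaksGitDir: "GIT_DIR" in strong.env, // false
    rejected: strong.rejected,                    // ["GIT_DIR", "NODE_OPTIONS"]
  };
}
```

The rejected list is worth logging: a request that keeps asking for GIT_* names is a useful detection signal for the execution pipeline.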

Remediation Steps:

  1. Identify all projects utilizing the openclaw npm package.
  2. Update the package.json dependency to require openclaw@^2026.4.8.
  3. Run npm install or yarn install to pull the patched version.
  4. Audit existing plugins and skills to ensure no malicious environment variables are being supplied via user input.
  5. Restart the OpenClaw service to ensure the new security policy is loaded into memory.

Read the full report for GHSA-CM8V-2VH9-CXF3 on our website for more details including interactive diagrams and full exploit analysis.
