PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-22217 OpenClaw CVE debrief

OpenClaw versions 2026.2.22 and earlier contain an arbitrary code execution vulnerability in the shell-env component. The flaw lies in the trusted-prefix fallback logic used to resolve the $SHELL environment variable: a $SHELL value that points into a trusted-prefix directory such as /opt/homebrew/bin is accepted, so on systems where that directory is writable, an attacker who controls $SHELL can plant a binary there and have OpenClaw execute it within the OpenClaw process context. The vulnerability was published on March 18, 2026, and last modified on May 26, 2026. A patch is available in version 2026.2.23.

Vendor
OpenClaw
Product
Unknown
CVSS
MEDIUM 5.8
CISA KEV
Not listed in stored evidence
Original CVE published
2026-03-18
Original CVE updated
2026-05-26
Advisory published
2026-03-18
Advisory updated
2026-05-26

Who should care

Organizations running OpenClaw 2026.2.22 or earlier on Node.js, particularly on multi-user systems or shared development environments where directory permissions may be misconfigured. System administrators managing Homebrew or similar package-manager installations should prioritize this update: Homebrew's default prefix on Apple Silicon macOS is /opt/homebrew, its directories are typically owned by the installing user rather than root, so write access does not require root, and /opt/homebrew/bin is one of the trusted-prefix directories the fallback logic accepts.

Technical summary

The vulnerability exists in OpenClaw's shell-env component, where the trusted-prefix fallback logic used to resolve the $SHELL environment variable can be abused. When $SHELL contains a path inside a writable trusted-prefix directory (e.g., /opt/homebrew/bin), an attacker with sufficient local access can place a malicious binary at that path; the fallback logic treats the location as trusted, so the OpenClaw process executes the attacker-controlled binary the next time it performs a shell operation. Two conditions must hold: the attacker must be able to write into a trusted-prefix directory, and must be able to influence the value of $SHELL seen by the OpenClaw process. The attack requires local access and low privileges, needs no user interaction, and can result in high integrity impact within the application context. The fix in version 2026.2.23 changes the fallback logic to close this execution path.

Defensive priority

medium

Recommended defensive actions

  • Upgrade OpenClaw to version 2026.2.23 or later to address the shell-env trusted-prefix fallback vulnerability
  • Review and restrict write permissions on trusted-prefix directories such as /opt/homebrew/bin so that only the owning account (ideally root) can create or replace binaries there, preventing attacker-controlled binary placement
  • Audit the $SHELL value in the environment of every account and service that runs OpenClaw, and confirm it points to a regular executable owned by root or the running user, in a directory that is not writable by group or other
  • Monitor for unexpected child processes of the OpenClaw process, in particular shells launched from paths other than the expected system shell, as a possible sign of exploitation
  • Ensure OpenClaw is launched with a controlled environment, so that lower-privileged callers, service wrappers or shared login scripts cannot inject a $SHELL value into the process

Evidence notes

The vulnerability affects OpenClaw running on Node.js. The stored affected-version range runs from 2026.2.22 up to but not including 2026.2.23; the summary above also treats earlier releases as affected. The CVSS 4.0 vector records a local attack vector, low attack complexity, low privileges required and no user interaction. The weakness is classified as CWE-829: Inclusion of Functionality from Untrusted Control Sphere.

Official resources

OpenClaw disclosed this vulnerability through GitHub Security Advisories and coordinated with VulnCheck for third-party analysis. The issue was tracked as GHSA-p4wh-cr8m-gm6c.