CVE-2026-22177— OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars

CVSS 6.1 · Medium EPSS 0.03% · P7 Updated Apr 09, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-22177

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars

Source: NVD (National Vulnerability Database)

Vulnerability Description

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE_OPTIONS or LD_* through configuration to execute arbitrary code in the OpenClaw gateway service runtime context.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

系统设置或配置在外部可控制

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenClaw 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.2.21之前版本存在安全漏洞，该漏洞源于未过滤危险的进程控制环境变量，可能导致启动时代码执行。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
OpenClaw	OpenClaw	0 ~ 2026.2.21	-

II. Public POCs for CVE-2026-22177

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-22177

请登录查看更多情报信息。

Same Patch Batch · OpenClaw · 2026-03-18 · 16 CVEs total

CVE-2026-22171	8.2 HIGH	OpenClaw < 2026.2.19 - Path Traversal in Feishu Media Temporary File Naming
CVE-2026-22181	7.6 HIGH	OpenClaw < 2026.3.2 - DNS Pinning Bypass via Environment Proxy Configuration in web_fetch
CVE-2026-22179	7.2 HIGH	OpenClaw < 2026.2.22 - Allowlist Bypass via Command Substitution in system.run
CVE-2026-22175	7.1 HIGH	OpenClaw < 2026.2.23 - Exec Approval Bypass via Unrecognized Multiplexer Shell Wrappers
CVE-2026-22174	6.8 MEDIUM	OpenClaw < 2026.2.22 - Gateway Token Disclosure via Chrome CDP Probe
CVE-2026-22169	6.7 MEDIUM	OpenClaw < 2026.2.22 - Allowlist Bypass via sort Configuration in safeBins
CVE-2026-27522	6.5 MEDIUM	OpenClaw < 2026.2.24 - Arbitrary File Read via sendAttachment and setGroupIcon Message Act
CVE-2026-22178	6.5 MEDIUM	OpenClaw < 2026.2.19 - ReDoS and Regex Injection via Unescaped Feishu Mention Metadata
CVE-2026-22170	6.5 MEDIUM	OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration
CVE-2026-22168	6.5 MEDIUM	OpenClaw < 2026.2.21 - Command Injection via cmd.exe /c Trailing Arguments in system.run
CVE-2026-27545	6.1 MEDIUM	OpenClaw < 2026.2.26 - Approval Bypass via Parent Symlink Current Working Directory Rebind
CVE-2026-27523	6.1 MEDIUM	OpenClaw < 2026.2.24 - Sandbox Bind Validation Bypass via Symlink-Parent Missing-Leaf Path
CVE-2026-22217	6.1 MEDIUM	OpenClaw 2026.2.22 < 2026.2.23 - Arbitrary Binary Execution via $SHELL Environment Variabl
CVE-2026-22180	5.3 MEDIUM	OpenClaw < 2026.3.2 - Path Confinement Bypass in Browser Output and File Write Operations
CVE-2026-27524	4.3 MEDIUM	OpenClaw < 2026.2.21 - Prototype Pollution via Debug Override Path

IV. Related Vulnerabilities

Same product: OpenClaw

Same vendor: OpenClaw

Same weakness: CWE-15

V. Comments for CVE-2026-22177

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-22177— OpenClaw < 2026.2.21 - Environment Variable Injection via Config env.vars

I. Basic Information for CVE-2026-22177

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-22177

III. Intelligence Information for CVE-2026-22177

Same Patch Batch · OpenClaw · 2026-03-18 · 16 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-22177

Leave a comment