
CVE-2026-22177

Severity: Medium · Public PoC

Published: 18 March 2026
Modified: 08 April 2026

CVSS v4 score: 6.9 (CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS score: 0.0037 (28.8th percentile)
Risk Priority: 35 (floored blend · peak EPSS)

Summary

CVE-2026-22177 is a medium-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059). The vulnerability is ranked at the 28.8th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 CM-5 (Access Restrictions for Change) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2026-22177 affects OpenClaw versions prior to 2026.2.21, where the software fails to filter dangerous process-control environment variables from configuration environment variables. This vulnerability, classified under CWE-15 (External Control of System or Configuration Setting), enables startup-time code execution in the OpenClaw gateway service runtime context. Attackers can inject variables such as NODE_OPTIONS or LD_* through configuration to execute arbitrary code. The issue received a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L) and was published on 2026-03-18.

Local attackers with low privileges can exploit this vulnerability by injecting malicious environment variables into OpenClaw configurations. Exploitation requires local access and low attack complexity with no user interaction, and yields arbitrary code execution at service startup within the gateway's runtime context. The impact is high on integrity and low on availability, with no confidentiality impact and unchanged scope.

Mitigation details are provided in GitHub Security Advisories GHSA-8fmp-37rc-p5g7 and GHSA-w9j9-w4cp-6wgr, a patch commit at https://github.com/openclaw/openclaw/commit/2cdbadee1f8fcaa93302d7debbfc529e19868ea4, and a VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-config-env-vars. Updating to OpenClaw version 2026.2.21 or later addresses the filtering failure.
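The control the summary calls for (SI-10, input validation of configuration-supplied environment variables) amounts to a filter that runs before any config-derived variable reaches the environment of a spawned service process. The following Node.js code is an added example and is not OpenClaw's code or the patch referenced above; the function names `filterConfigEnv` and `buildChildEnv`, the sample config block, and the `DYLD_*` prefix (a macOS counterpart to `LD_*`, included beyond what the advisory names) are this example's own assumptions. It generalises slightly past the advisory by also rejecting malformed variable names and case variants, which a plain string comparison would miss on platforms where names are case-insensitive.

```javascript
"use strict";

// Process-control variables to strip from config-supplied env blocks.
// NODE_OPTIONS and LD_* are the ones named in the advisory; DYLD_* is an
// assumption of this example (macOS dynamic loader), not OpenClaw's list.
const BLOCKED_NAMES = new Set(["NODE_OPTIONS"]);
const BLOCKED_PREFIXES = ["LD_", "DYLD_"];

// Only well-formed variable names are accepted; names containing "=", spaces
// or other punctuation are rejected outright rather than passed through.
const NAME_SHAPE = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Returns { env, rejected }: env holds the config variables that passed the
// filter, rejected lists the raw names that were dropped (for audit logging).
function filterConfigEnv(configEnv) {
  const env = {};
  const rejected = [];
  for (const [rawName, value] of Object.entries(configEnv || {})) {
    // Compare on the upper-cased name so "node_options" or "Ld_Preload"
    // cannot slip past; Windows resolves variable names case-insensitively,
    // and dropping a harmless case variant on Linux costs nothing.
    const name = rawName.toUpperCase();
    const blocked =
      !NAME_SHAPE.test(rawName) ||
      typeof value !== "string" ||
      BLOCKED_NAMES.has(name) ||
      BLOCKED_PREFIXES.some((prefix) => name.startsWith(prefix));
    if (blocked) {
      rejected.push(rawName);
      continue;
    }
    env[rawName] = value;
  }
  return { env, rejected };
}

// Builds the environment for the child process: the parent's own (trusted)
// environment first, then the filtered config variables layered on top, so a
// config block can never introduce a blocked name.
function buildChildEnv(configEnv, baseEnv = process.env) {
  const { env, rejected } = filterConfigEnv(configEnv);
  return { env: { ...baseEnv, ...env }, rejected };
}

// Constructed sample config block (hypothetical; not a real OpenClaw config).
// The three process-control entries are the ones the filter must drop.
const SAMPLE_CONFIG_ENV = {
  GATEWAY_PORT: "8080",
  LOG_LEVEL: "info",
  NODE_OPTIONS: "--require /example/injected.js",
  LD_PRELOAD: "/example/injected.so",
  dyld_insert_libraries: "/example/injected.dylib",
};

// Stand-alone demonstration: prints what was dropped and what survived.
const demo = buildChildEnv(SAMPLE_CONFIG_ENV, {});
console.log("dropped from config:", demo.rejected);
console.log("child env from config:", demo.env);

module.exports = { filterConfigEnv, buildChildEnv, SAMPLE_CONFIG_ENV };
```

The `env` object returned by `buildChildEnv` is what would be handed to `child_process.spawn(cmd, args, { env })`; the `rejected` list is worth logging at startup, since a config file that repeatedly tries to set `NODE_OPTIONS` or `LD_PRELOAD` is itself a detection signal. A deny-list like this is the minimal fix; an allow-list of the variable names the gateway actually consumes is the stronger shape of the same control.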


Vulnerability details

OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from configuration environment variables, allowing startup-time code execution. Attackers can inject variables such as NODE_OPTIONS or LD_* through configuration to execute arbitrary code in the OpenClaw gateway service runtime context.

CWE(s)

CWE-15 External Control of System or Configuration Setting

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

- T1059 Command and Scripting Interpreter (Execution): Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
- T1574.006 Dynamic Linker Hijacking (Stealth): Adversaries may execute their own malicious payloads by hijacking environment variables the dynamic linker uses to load shared libraries.

Why these techniques?

The vulnerability enables arbitrary code execution at service startup via injection of LD_* (dynamic linker hijacking) and NODE_OPTIONS (script interpreter abuse) environment variables from configuration.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

- CVE-2026-35650 (same product: Openclaw Openclaw)
- CVE-2026-43531 (same product: Openclaw Openclaw)
- CVE-2026-41294 (same product: Openclaw Openclaw)
- CVE-2026-41384 (same product: Openclaw Openclaw)
- CVE-2026-44995 (same product: Openclaw Openclaw)
- CVE-2026-28470 (same product: Openclaw Openclaw)
- CVE-2026-34426 (same product: Openclaw Openclaw)
- CVE-2026-45006 (same product: Openclaw Openclaw)
- CVE-2026-29607 (same product: Openclaw Openclaw)
- CVE-2026-44109 (same product: Openclaw Openclaw)

Affected Assets

openclaw / openclaw: ≤ 2026.2.21

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

- SI-10 Information Input Validation (prevent): Directly requires validation and filtering of dangerous process-control environment variables such as NODE_OPTIONS or LD_* from configuration inputs at startup.
- CM-5 Access Restrictions for Change (prevent): Restricts low-privilege local access to OpenClaw configuration files and change mechanisms, preventing injection of malicious environment variables.
- SI-2 Flaw Remediation (prevent): Mandates timely flaw remediation via patching to OpenClaw 2026.2.21 or later, which implements the necessary environment variable filtering.
