Cyber Resilience

CVE-2026-24763

HighRCE

Published: 02 February 2026

Published
02 February 2026
Modified
13 February 2026
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0477 90.8th percentile
Risk Priority 55 floored blend · peak EPSS

Summary

CVE-2026-24763 is a high-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 9.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-24763 is a command injection vulnerability (CWE-78) affecting OpenClaw, a personal AI assistant designed to run on users' own devices. Versions prior to 2026.1.29 contain the flaw in OpenClaw's Docker sandbox execution mechanism, caused by unsafe handling of the PATH environment variable during shell command construction.

An authenticated user who can control environment variables is able to exploit the vulnerability to influence command execution within the container context. The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates that exploitation is feasible over the network with low complexity and low privileges required, potentially resulting in high impacts to confidentiality, integrity, and availability.

The vulnerability is addressed in OpenClaw version 2026.1.29. Mitigation details are provided in the GitHub security advisory (GHSA-mc68-q9jw-2h3v), the release notes for v2026.1.29, and the fixing commit (771f23d36b95ec2204cc9a0054045f5d8439ea75).

As a personal AI assistant, OpenClaw's vulnerability highlights risks in sandboxed AI/ML deployments on local devices, though no real-world exploitation has been reported.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell…

more

commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.

CWE(s)

AI Security AnalysisAI

AI Category
LLM Application Platforms
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059.004 Unix Shell Execution
Adversaries may abuse Unix shell commands and scripts for execution.
T1574.007 Path Interception by PATH Environment Variable Stealth
Adversaries may execute their own malicious payloads by hijacking environment variables used to load libraries.
Why these techniques?

CWE-78 command injection via unsafe PATH handling during shell construction in Docker sandbox directly enables Unix shell execution (T1059.004) and path interception by controlled environment variable (T1574.007).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-26323Same product: Openclaw Openclaw
CVE-2026-28460Same product: Openclaw Openclaw
CVE-2026-31996Same product: Openclaw Openclaw
CVE-2026-32003Same product: Openclaw Openclaw
CVE-2026-22179Same product: Openclaw Openclaw
CVE-2026-32056Same product: Openclaw Openclaw
CVE-2026-32917Same product: Openclaw Openclaw
CVE-2026-27566Same product: Openclaw Openclaw
CVE-2026-28463Same product: Openclaw Openclaw
CVE-2026-32010Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.1.29

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Prevents command injection by validating user-controlled environment variables like PATH prior to their use in shell command construction within the Docker sandbox.

prevent

Addresses the vulnerability through timely flaw remediation by applying the fix in OpenClaw version 2026.1.29.

prevent

Limits damage from injected commands by enforcing least privilege on processes executing within the container context.

References