CVE-2026-24763
Published: 02 February 2026
Summary
CVE-2026-24763 is a high-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked at the 25.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Prevents command injection by validating user-controlled environment variables like PATH prior to their use in shell command construction within the Docker sandbox.
Addresses the vulnerability through timely flaw remediation by applying the fix in OpenClaw version 2026.1.29.
Limits damage from injected commands by enforcing least privilege on processes executing within the container context.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CWE-78 command injection via unsafe PATH handling during shell construction in Docker sandbox directly enables Unix shell execution (T1059.004) and path interception by controlled environment variable (T1574.007).
NVD Description
OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell…
more
commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.
Deeper analysisAI
CVE-2026-24763 is a command injection vulnerability (CWE-78) affecting OpenClaw, a personal AI assistant designed to run on users' own devices. Versions prior to 2026.1.29 contain the flaw in OpenClaw's Docker sandbox execution mechanism, caused by unsafe handling of the PATH environment variable during shell command construction.
An authenticated user who can control environment variables is able to exploit the vulnerability to influence command execution within the container context. The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates that exploitation is feasible over the network with low complexity and low privileges required, potentially resulting in high impacts to confidentiality, integrity, and availability.
The vulnerability is addressed in OpenClaw version 2026.1.29. Mitigation details are provided in the GitHub security advisory (GHSA-mc68-q9jw-2h3v), the release notes for v2026.1.29, and the fixing commit (771f23d36b95ec2204cc9a0054045f5d8439ea75).
As a personal AI assistant, OpenClaw's vulnerability highlights risks in sandboxed AI/ML deployments on local devices, though no real-world exploitation has been reported.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai