CVE-2026-24763
Published: 02 February 2026
Summary
CVE-2026-24763 is a high-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Unix Shell (T1059.004); ranked in the top 9.2% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as LLM Application Platforms; in the Supply Chain and Deployment risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
CVE-2026-24763 is a command injection vulnerability (CWE-78) affecting OpenClaw, a personal AI assistant designed to run on users' own devices. Versions prior to 2026.1.29 contain the flaw in OpenClaw's Docker sandbox execution mechanism, caused by unsafe handling of the PATH environment variable during shell command construction.
An authenticated user who can control environment variables is able to exploit the vulnerability to influence command execution within the container context. The CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) indicates that exploitation is feasible over the network with low complexity and low privileges required, potentially resulting in high impacts to confidentiality, integrity, and availability.
The vulnerability is addressed in OpenClaw version 2026.1.29. Mitigation details are provided in the GitHub security advisory (GHSA-mc68-q9jw-2h3v), the release notes for v2026.1.29, and the fixing commit (771f23d36b95ec2204cc9a0054045f5d8439ea75).
As a personal AI assistant, OpenClaw's vulnerability highlights risks in sandboxed AI/ML deployments on local devices, though no real-world exploitation has been reported.
OWASP Top 10 for Web (2025)
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-5401
Vulnerability details
OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell…
more
commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.
- CWE(s)
AI Security AnalysisAI
- AI Category
- LLM Application Platforms
- Risk Domain
- Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
CWE-78 command injection via unsafe PATH handling during shell construction in Docker sandbox directly enables Unix shell execution (T1059.004) and path interception by controlled environment variable (T1574.007).
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Prevents command injection by validating user-controlled environment variables like PATH prior to their use in shell command construction within the Docker sandbox.
Addresses the vulnerability through timely flaw remediation by applying the fix in OpenClaw version 2026.1.29.
Limits damage from injected commands by enforcing least privilege on processes executing within the container context.