CVE-2026-34426
Published: 02 April 2026
Summary
CVE-2026-34426 is a high-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.6 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked at the 14.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
SI-10 directly validates environment variable inputs during approval and execution to prevent bypass via inconsistent normalization and malicious injection.
SI-9 restricts types and quantity of environment variable inputs, limiting injection of non-portable keys discarded in approval but accepted in execution.
SI-2 requires identification and remediation of the normalization inconsistency flaw, aligning logic as implemented in the patching commit.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The approval bypass via inconsistent env var normalization directly enables injection leading to execution of attacker-controlled binaries (T1059 Command and Scripting Interpreter) and achieves high integrity impact from low privileges with scope change (T1068 Exploitation for Privilege Escalation).
NVD Description
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization…
more
logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries.
Deeper analysisAI
CVE-2026-34426 is an approval bypass vulnerability affecting OpenClaw versions prior to commit b57b680. The issue stems from inconsistent environment variable normalization between the approval and execution paths, which allows attackers to inject attacker-controlled environment variables into execution without undergoing approval system validation. By exploiting differing normalization logic, non-portable keys are discarded during approval processing but accepted at execution time. The vulnerability has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N) and is associated with CWE-184 (Incomplete List of Disallowed Inputs). It was published on 2026-04-02.
Attackers with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity (AC:L), though it requires user interaction (UI:R), such as tricking an operator into approving a malicious request. Successful exploitation bypasses operator review, enabling injection of environment variables that alter runtime behavior, including the execution of attacker-controlled binaries. This results in high integrity impact (I:H) with changed scope (S:C), low confidentiality impact (C:L), and no availability impact (A:N).
Advisories and patches recommend updating to OpenClaw commit b57b680 or later, as detailed in the fixing commit at https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7 and associated pull request https://github.com/openclaw/openclaw/pull/59182. The GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47 and VulnCheck analysis at https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-environment-variable-normalization provide further details on the fix, which aligns normalization logic to prevent the bypass.
Details
- CWE(s)