Cyber Resilience

CVE-2026-34426

MediumPublic PoC

Published: 02 April 2026

Published
02 April 2026
Modified
06 April 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:A/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0006 17.6th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-34426 is a medium-severity Incomplete List of Disallowed Inputs (CWE-184) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Command and Scripting Interpreter (T1059); ranked at the 17.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-34426 is an approval bypass vulnerability affecting OpenClaw versions prior to commit b57b680. The issue stems from inconsistent environment variable normalization between the approval and execution paths, which allows attackers to inject attacker-controlled environment variables into execution without undergoing approval system validation. By exploiting differing normalization logic, non-portable keys are discarded during approval processing but accepted at execution time. The vulnerability has a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N) and is associated with CWE-184 (Incomplete List of Disallowed Inputs). It was published on 2026-04-02.

Attackers with low privileges (PR:L) can exploit this vulnerability over the network (AV:N) with low complexity (AC:L), though it requires user interaction (UI:R), such as tricking an operator into approving a malicious request. Successful exploitation bypasses operator review, enabling injection of environment variables that alter runtime behavior, including the execution of attacker-controlled binaries. This results in high integrity impact (I:H) with changed scope (S:C), low confidentiality impact (C:L), and no availability impact (A:N).

Advisories and patches recommend updating to OpenClaw commit b57b680 or later, as detailed in the fixing commit at https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7 and associated pull request https://github.com/openclaw/openclaw/pull/59182. The GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47 and VulnCheck analysis at https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-environment-variable-normalization provide further details on the fix, which aligns normalization logic to prevent the bypass.

EU & UK References

Vulnerability details

OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization…

more

logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1059 Command and Scripting Interpreter Execution
Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

The approval bypass via inconsistent env var normalization directly enables injection leading to execution of attacker-controlled binaries (T1059 Command and Scripting Interpreter) and achieves high integrity impact from low privileges with scope change (T1068 Exploitation for Privilege Escalation).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-43578Same product: Openclaw Openclaw
CVE-2026-32017Same product: Openclaw Openclaw
CVE-2026-43566Same product: Openclaw Openclaw
CVE-2026-45006Same product: Openclaw Openclaw
CVE-2026-43532Same product: Openclaw Openclaw
CVE-2026-22175Same product: Openclaw Openclaw
CVE-2026-44115Same product: Openclaw Openclaw
CVE-2026-41392Same product: Openclaw Openclaw
CVE-2026-44114Same product: Openclaw Openclaw
CVE-2026-32014Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.4.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

SI-10 directly validates environment variable inputs during approval and execution to prevent bypass via inconsistent normalization and malicious injection.

prevent

SI-9 restricts types and quantity of environment variable inputs, limiting injection of non-portable keys discarded in approval but accepted in execution.

prevent

SI-2 requires identification and remediation of the normalization inconsistency flaw, aligning logic as implemented in the patching commit.

References