Cyber Posture

CVE-2026-41336

Severity: High · Public PoC

Published: 23 April 2026
Modified: 28 April 2026
KEV Added: not listed
Patch: available (see Deeper analysis)
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0001 (2.8th percentile)
Risk Priority: 16 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-41336 is a high-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in OpenClaw (vendor Openclaw, product Openclaw). Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). EPSS ranks it at the 2.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-3 (Malicious Code Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploitation for Client Execution (T1203) and one other technique (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-2 Flaw Remediation): Timely flaw remediation through patching, such as upgrading to OpenClaw 2026.3.31, directly eliminates the .env override of the hooks directory that enables untrusted code execution.

Prevent, detect: Integrity verification mechanisms for software components such as bundled hooks prevent loading from overridden untrusted directories and detect unauthorized substitutions.

Prevent, detect (SI-3 Malicious Code Protection): Malicious code protection scanning and restrictions on software from untrusted sources block execution of attacker-controlled hooks loaded via workspace .env files.

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution): Adversaries may exploit software vulnerabilities in client applications to execute code.

T1204.002 Malicious File (tactic: Execution): An adversary may rely upon a user opening a malicious file in order to gain execution.

Why these techniques?

The vulnerability enables arbitrary code execution by loading attacker-controlled hooks from a malicious workspace; this maps directly to client-side exploitation that requires user interaction to load or open the untrusted content.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code.

Deeper analysis

CVE-2026-41336, published on 2026-04-23, is a vulnerability in OpenClaw versions before 2026.3.31 that allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable. Because that variable determines where bundled hook code is loaded from, the override lets an untrusted workspace replace the trusted, default-on bundled hooks with attacker-controlled hook code and thereby execute arbitrary code. The issue carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-829 (Inclusion of Functionality from Untrusted Control Sphere).

A local attacker can exploit this vulnerability by crafting a malicious workspace with a .env file that points OPENCLAW_BUNDLED_HOOKS_DIR to attacker-controlled hooks. Exploitation requires user interaction, such as convincing a victim to load or use the untrusted workspace in OpenClaw, but needs no special privileges. Successful exploitation allows arbitrary code execution in the context of the OpenClaw process, potentially compromising confidentiality, integrity, and availability with high impact.

Mitigation is available via the patch in OpenClaw commit 330a9f98cb29c79b1c16a2117e03d6276a0d6289 on GitHub. Advisories from the OpenClaw GitHub security page (GHSA-3qpv-xf3v-mm45) and VulnCheck recommend upgrading to OpenClaw 2026.3.31 or later to prevent .env file overrides of the hooks directory and block loading of untrusted hook code.
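The override-precedence problem described above, as an added illustration that is not OpenClaw's code (the project's real loader, hook format and the fix in the referenced commit are not reproduced here): a minimal .env parser, the "before" merge in which a workspace file can override any variable including the one that selects hook code, and a hardened merge that refuses workspace-supplied values for that key and additionally confines the resolved directory to a trusted root. The sample .env content, the PROTECTED_KEYS policy and the TRUSTED_HOOKS_ROOT path are constructed assumptions for this example.

```python
import posixpath
import re

# Constructed sample: a workspace .env that an untrusted repository could ship.
# Only the last assignment is the problem; the rest is ordinary project config.
SAMPLE_WORKSPACE_ENV = """\
# harmless project settings
PROJECT_NAME=demo
LOG_LEVEL="debug"
# security-sensitive key: decides which hook code the agent loads
OPENCLAW_BUNDLED_HOOKS_DIR=/tmp/untrusted-workspace/hooks
"""

# Keys that select *what code gets loaded*. Hypothetical policy for this
# example: such keys may only come from the process environment or trusted
# config, never from a workspace-controlled file.
PROTECTED_KEYS = frozenset({"OPENCLAW_BUNDLED_HOOKS_DIR"})

# Assumed install location of the trusted bundled hooks (not a real OpenClaw path).
TRUSTED_HOOKS_ROOT = "/opt/openclaw/bundled-hooks"

_KV = re.compile(r"^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_dotenv(text):
    """Minimal KEY=VALUE parser: skips blank and comment lines, strips matching quotes."""
    values = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        m = _KV.match(line)
        if not m:
            continue
        key, val = m.groups()
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        values[key] = val
    return values


def merge_env_vulnerable(process_env, workspace_env_text):
    """'Before' pattern (CWE-829): the workspace file wins for every key,
    so it can redirect the hooks directory to attacker-controlled code."""
    merged = dict(process_env)
    merged.update(parse_dotenv(workspace_env_text))
    return merged


def merge_env_hardened(process_env, workspace_env_text):
    """Hardened pattern: protected keys coming from the workspace are dropped.
    Returns (merged_env, rejected_keys) so callers can log or alert on attempts."""
    merged = dict(process_env)
    rejected = []
    for key, val in parse_dotenv(workspace_env_text).items():
        if key in PROTECTED_KEYS:
            rejected.append(key)
            continue
        merged[key] = val
    return merged, rejected


def resolve_hooks_dir(env, trusted_root=TRUSTED_HOOKS_ROOT):
    """Defense in depth: whatever the variable's origin, the resolved hooks
    directory must be the trusted root itself or a subdirectory of it."""
    raw = env.get("OPENCLAW_BUNDLED_HOOKS_DIR", trusted_root)
    candidate = posixpath.normpath(raw)   # collapses '..' segments and duplicate slashes
    root = posixpath.normpath(trusted_root)
    if candidate != root and not candidate.startswith(root + "/"):
        raise ValueError(f"refusing hooks directory outside {root}: {raw!r}")
    return candidate


if __name__ == "__main__":
    base = {"OPENCLAW_BUNDLED_HOOKS_DIR": TRUSTED_HOOKS_ROOT}
    print("vulnerable:", merge_env_vulnerable(base, SAMPLE_WORKSPACE_ENV)["OPENCLAW_BUNDLED_HOOKS_DIR"])
    hardened, rejected = merge_env_hardened(base, SAMPLE_WORKSPACE_ENV)
    print("hardened:  ", hardened["OPENCLAW_BUNDLED_HOOKS_DIR"], "rejected:", rejected)
    print("resolved:  ", resolve_hooks_dir(hardened))
```

The two layers are deliberately independent: dropping protected keys at merge time removes the workspace as a source of the variable, and the trusted-root check in resolve_hooks_dir still rejects a stray value (including one built from ../ segments) even if some other configuration path sets it. The rejected list is what a detection rule would consume, since a workspace that tries to set the hooks directory is itself a signal worth alerting on.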

Details

CWE(s): CWE-829 Inclusion of Functionality from Untrusted Control Sphere

Affected Products

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.3.31 (as listed; the NVD description and advisories on this page give 2026.3.31 as the fixed release)

CVEs Like This One

CVE-2026-41295 (same product: Openclaw Openclaw)
CVE-2026-32920 (same product: Openclaw Openclaw)
CVE-2026-41355 (same product: Openclaw Openclaw)
CVE-2026-43569 (same product: Openclaw Openclaw)
CVE-2026-22217 (same product: Openclaw Openclaw)
CVE-2026-41396 (same product: Openclaw Openclaw)
CVE-2026-43571 (same product: Openclaw Openclaw)
CVE-2026-41384 (same product: Openclaw Openclaw)
CVE-2026-32979 (same product: Openclaw Openclaw)
CVE-2026-35643 (same product: Openclaw Openclaw)
