Cyber Resilience

CVE-2026-41384

Severity: High · Public PoC

Published: 28 April 2026
Modified: 01 May 2026
KEV Added:
Patch:
CVSS Score (v4): 8.5 (CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0014 (3.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-41384 is a high-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 3.9th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-41384 is an environment variable injection vulnerability in OpenClaw versions before 2026.3.24. The flaw affects the CLI backend runner component, where attackers can inject malicious environment variables through workspace configuration files. This issue, published on 2026-04-28 and mapped to CWE-15, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H).

A local attacker with no required privileges can exploit the vulnerability by crafting malicious workspace configurations. Exploitation requires user interaction, such as tricking a user into loading the tainted config. Successful attacks enable injection of arbitrary environment variables into backend process spawning, potentially resulting in code execution or sensitive data exposure.

Advisories recommend upgrading to OpenClaw 2026.3.24 or later to mitigate the issue. The fixing commit is available at https://github.com/openclaw/openclaw/commit/c2fb7f1948c3226732a630256b5179a60664ec24. Further details appear in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-vfw7-6rhc-6xxg and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-config-in-cli-backend.
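To make the weakness class concrete, the following is an added illustration (not OpenClaw's code; the "env" config field, the allowlist and the backend command are assumptions) that contrasts a pass-through merge of workspace-supplied environment entries with a validated merge in the spirit of SI-10:

```python
import json
import re
import subprocess

# Constructed sample of a workspace config carrying an "env" table. The "env"
# field and the variable names are assumptions for this illustration, not
# OpenClaw's actual configuration schema.
WORKSPACE_CONFIG = json.loads(r'''
{
  "backend": "echo",
  "env": {
    "WORKSPACE_NAME": "demo",
    "PATH": "/tmp/untrusted",
    "bad name": "x",
    "LOG_LEVEL": "info\nEXTRA=1"
  }
}
''')

# Assumed allowlist: only names the runner was designed to accept from a
# workspace may reach the child process; everything else is dropped.
ALLOWED_NAMES = frozenset({"WORKSPACE_NAME", "WORKSPACE_ROOT", "LOG_LEVEL"})
NAME_RE = re.compile(r"^[A-Z][A-Z0-9_]{0,63}$")


def weak_merge(base_env: dict, config: dict) -> dict:
    """CWE-15 pattern: every config entry is passed through, so the config author controls the child's search-path variables."""
    return {**base_env, **config.get("env", {})}


def safe_merge(base_env: dict, config: dict) -> tuple[dict, list[str]]:
    """Hardened merge: allowlisted names, strict name syntax, control-free string values; returns env and rejected names."""
    env = dict(base_env)
    rejected = []
    for name, value in config.get("env", {}).items():
        ok = (isinstance(value, str)
              and NAME_RE.match(name) is not None
              and name in ALLOWED_NAMES
              and not any(ord(c) < 0x20 for c in value))
        if ok:
            env[name] = value
        else:
            rejected.append(name)  # log these: the signal of a tainted config
    return env, rejected


def spawn_backend(config: dict, base_env: dict) -> tuple[str, list[str]]:
    """Spawn the backend with the validated env; return its stdout and the rejected names."""
    env, rejected = safe_merge(base_env, config)
    proc = subprocess.run([config["backend"], "backend started"], env=env,
                          capture_output=True, text=True, check=True)
    return proc.stdout.strip(), rejected
```

The rejected-name list is the defender's detection hook: a workspace that tries to set loader or search-path variables should be surfaced to the user rather than silently honoured.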

Vulnerability details

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables into the backend process spawning, enabling code execution or sensitive data exposure.

CWE(s)

CWE-15 External Control of System or Configuration Setting

Related Threats

MITRE ATT&CK Enterprise Techniques

T1203 Exploitation for Client Execution (tactic: Execution)
Adversaries may exploit software vulnerabilities in client applications to execute code.
T1204.002 Malicious File (tactic: Execution)
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

The vulnerability enables code execution via a malicious workspace config file that a user must load, which maps directly to client-side exploitation (T1203) and user execution of a malicious file (T1204.002); the environment variable injection into process spawning is what produces the code-execution impact.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-43531 · Same product: Openclaw Openclaw
CVE-2026-41294 · Same product: Openclaw Openclaw
CVE-2026-35650 · Same product: Openclaw Openclaw
CVE-2026-32920 · Same product: Openclaw Openclaw
CVE-2026-22177 · Same product: Openclaw Openclaw
CVE-2026-41295 · Same product: Openclaw Openclaw
CVE-2026-41336 · Same product: Openclaw Openclaw
CVE-2026-32979 · Same product: Openclaw Openclaw
CVE-2026-35641 · Same product: Openclaw Openclaw
CVE-2026-41355 · Same product: Openclaw Openclaw

Affected Assets

openclaw / openclaw (≤ 2026.3.24)

Mitigating Controls (NIST 800-53 r5)

prevent · SI-2 (Flaw Remediation)
Directly mitigates the CVE by identifying, reporting, and remediating the environment variable injection flaw through a timely upgrade to OpenClaw 2026.3.24 or later.

prevent · SI-10 (Information Input Validation)
Validates workspace configuration inputs to block malicious environment variable injection into the CLI backend runner's process spawning.

prevent
Enforces secure configuration settings in the CLI backend to restrict or sanitize environment variable inheritance from untrusted workspace configurations.
