Cyber Posture

CVE-2026-41387

Severity: High · Public PoC

Published: 28 April 2026

Modified: 30 April 2026
CVSS Score: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0002 (5.3rd percentile)
Risk Priority: 16 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-41387 is a high-severity Permissive List of Allowed Inputs (CWE-183) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Dependencies and Development Tools (T1195.001). EPSS ranks it at the 5.3rd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-7 (Software, Firmware, and Information Integrity).

Threat & Defense at a Glance

What attackers do: exploitation maps to Compromise Software Dependencies and Development Tools (T1195.001) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5) [AI]

- prevent: Verifies the authenticity of software components to prevent redirection of package resolution to attacker-controlled infrastructure serving trojanized content.
- prevent: Enforces validation of information inputs such as environment variables to block incomplete sanitization allowing package-manager overrides.
- prevent, detect: Performs integrity verification of software and firmware to detect and prevent execution of trojanized content introduced via runtime bootstrap redirection.

MITRE ATT&CK Enterprise Techniques [AI]

- T1195.001 Compromise Software Dependencies and Development Tools (Initial Access): Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise.
- T1195.002 Compromise Software Supply Chain (Initial Access): Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
Why these techniques?

The vulnerability enables redirection of package resolution and runtime bootstrap to attacker-controlled infrastructure via incomplete environment variable sanitization, directly facilitating supply chain compromise by allowing execution of trojanized dependencies or software.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenClaw before 2026.3.22 contains an incomplete host environment variable sanitization vulnerability in host-env-security-policy.json and host-env-security.ts that allows package-manager environment overrides. Attackers can exploit approved exec requests to redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content.

Deeper analysisAI

CVE-2026-41387 is an incomplete host environment variable sanitization vulnerability affecting OpenClaw versions before 2026.3.22. The issue resides in the files host-env-security-policy.json and host-env-security.ts, which fail to properly prevent package-manager environment overrides. Published on 2026-04-28, it carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and is associated with CWE-183.

A local attacker can exploit the vulnerability through approved exec requests, redirecting package resolution or runtime bootstrap processes to attacker-controlled infrastructure. This enables the execution of trojanized content, potentially compromising confidentiality, integrity, and availability with high impact. Exploitation requires user interaction but no special privileges.
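The weakness class here (CWE-183, a permissive list of allowed inputs) is easiest to see side by side: a filter that only strips a couple of well-known names still passes variables that redirect where a package manager fetches from or what a runtime preloads. The example below is an added illustration, not OpenClaw's host-env-security.ts or its policy file, and the variable names, allowlist and sample environment are constructed assumptions chosen to be representative rather than a statement of which variables this CVE concerned. It contrasts a denylist-only filter with a default-deny allowlist that additionally rejects known override prefixes.

```javascript
// Added example (not OpenClaw code): host-environment filtering for a
// spawned tool, showing why a short denylist is a permissive allowlist.

// Constructed, non-exhaustive set of variables that can redirect package
// resolution or runtime bootstrap. Assumption: representative, not complete.
const OVERRIDE_PATTERNS = [
  /^npm_config_/i,                 // npm reads any npm_config_* as a config override
  /^NODE_OPTIONS$/,                // --require can preload arbitrary modules
  /^PIP_(EXTRA_)?INDEX_URL$/,      // pip package index redirection
  /^PYTHONPATH$/,                  // module search path override
  /^(LD_PRELOAD|LD_LIBRARY_PATH|DYLD_INSERT_LIBRARIES)$/, // loader injection
];

// Constructed allowlist of variables a spawned tool legitimately needs.
const ALLOWED = new Set(['PATH', 'HOME', 'LANG', 'TERM', 'TMPDIR', 'USER']);

// Permissive variant (the weakness): blocks only two well-known names, so any
// override variable it did not think of passes straight through.
function sanitizePermissive(env) {
  const blocked = new Set(['LD_PRELOAD', 'NODE_OPTIONS']);
  return Object.fromEntries(
    Object.entries(env).filter(([name]) => !blocked.has(name))
  );
}

// Hardened variant: default-deny allowlist, with the override patterns kept as
// defense in depth so a future allowlist addition cannot silently reopen a
// known redirection channel. Returns the dropped names so callers can log them.
function sanitizeStrict(env) {
  const kept = {};
  const dropped = [];
  for (const [name, value] of Object.entries(env)) {
    const isOverride = OVERRIDE_PATTERNS.some((re) => re.test(name));
    if (ALLOWED.has(name) && !isOverride) {
      kept[name] = value;
    } else {
      dropped.push(name);
    }
  }
  return { env: kept, dropped };
}

// Constructed sample environment mixing benign and override variables.
const SAMPLE_ENV = {
  PATH: '/usr/bin:/bin',
  HOME: '/home/agent',
  NODE_OPTIONS: '--require /path/to/untrusted.js',
  npm_config_registry: 'http://registry.example.invalid/',
  PIP_INDEX_URL: 'http://index.example.invalid/simple',
  LD_PRELOAD: '/path/to/untrusted.so',
};

// Runs both filters over the sample so the difference can be inspected.
function compareFilters(env = SAMPLE_ENV) {
  return { permissive: sanitizePermissive(env), strict: sanitizeStrict(env) };
}

const result = compareFilters();
console.log('permissive keeps:', Object.keys(result.permissive));
console.log('strict keeps:', Object.keys(result.strict.env),
            'dropped:', result.strict.dropped);
```

Run with `node`: the permissive filter keeps PATH and HOME but also passes `npm_config_registry` and `PIP_INDEX_URL`, while the strict filter keeps only PATH and HOME and reports the four override variables it dropped. The design point is that the allowlist is the control and the pattern denylist is only a safety net; the reverse arrangement is exactly the CWE-183 shape described above.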

Mitigation guidance is provided in the official OpenClaw security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-j7p2-qcwm-94v4 and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-supply-chain-redirection-via-incomplete-host-environment-sanitization. Upgrading to OpenClaw 2026.3.22 or later addresses the vulnerability.

Details

CWE(s): CWE-183 (Permissive List of Allowed Inputs)

Affected Products

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.3.22

CVEs Like This One

- CVE-2026-43569 (same product: Openclaw Openclaw)
- CVE-2026-42428 (same product: Openclaw Openclaw)
- CVE-2026-41342 (same product: Openclaw Openclaw)
- CVE-2026-28473 (same product: Openclaw Openclaw)
- CVE-2026-32032 (same product: Openclaw Openclaw)
- CVE-2026-41344 (same product: Openclaw Openclaw)
- CVE-2026-41392 (same product: Openclaw Openclaw)
- CVE-2026-41329 (same product: Openclaw Openclaw)
- CVE-2026-27523 (same product: Openclaw Openclaw)
- CVE-2026-34426 (same product: Openclaw Openclaw)
