Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.5
OpenClaw allows execution of malicious programs from Homebrew directory
GHSA-p4wh-cr8m-gm6c
Summary
OpenClaw, a package manager for Node.js, has a security issue that allows attackers to run malicious programs if they can influence the `SHELL` environment variable. This could happen if an attacker can write to a directory where OpenClaw trusts executable files. To fix this, OpenClaw now only allows the use of shells explicitly listed in `/etc/shells`, and falls back to a safe shell if none are found. Users should update to the latest version of OpenClaw, version 2026.2.23, to protect their systems.
What to do
- Update openclaw to version 2026.2.23.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | > 2026.2.22 , <= 2026.2.23 | 2026.2.23 |
Original title
OpenClaw: shell-env trusted-prefix fallback allowed attacker-controlled binary execution via $SHELL
Original description
### Summary
`shell-env` fallback trusted prefix-based executable paths for `$SHELL`, allowing execution of attacker-controlled binaries in local/runtime-env influence scenarios.
### Details
In affected versions, shell selection accepted either:
1. a shell listed in `/etc/shells`, or
2. any executable under hardcoded trusted prefixes (`/bin`, `/usr/bin`, `/usr/local/bin`, `/opt/homebrew/bin`, `/run/current-system/sw/bin`).
The selected shell was then executed as a login shell (`-l -c 'env -0'`) for PATH/environment probing.
On systems where a trusted-prefix directory is writable (for example common Homebrew layouts under `/opt/homebrew/bin`) and runtime `$SHELL` can be influenced, this enabled attacker-controlled binary execution in OpenClaw process context.
The fix removes the trusted-prefix executable fallback and now trusts only shells explicitly registered in `/etc/shells`; otherwise it falls back to `/bin/sh`.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `>= 2026.2.22, <= 2026.2.22-2`
- Latest published vulnerable version: `2026.2.22-2`
- Patched versions (released): `>= 2026.2.23`
### Fix Commit(s)
- `ff10fe8b91670044a6bb0cd85deb736a0ec8fb55`
### Release Process Note
This advisory sets `patched_versions` to the released version (`2026.2.23`).
This advisory now reflects released fix version `2026.2.23`.
OpenClaw thanks @tdjackey for reporting.
`shell-env` fallback trusted prefix-based executable paths for `$SHELL`, allowing execution of attacker-controlled binaries in local/runtime-env influence scenarios.
### Details
In affected versions, shell selection accepted either:
1. a shell listed in `/etc/shells`, or
2. any executable under hardcoded trusted prefixes (`/bin`, `/usr/bin`, `/usr/local/bin`, `/opt/homebrew/bin`, `/run/current-system/sw/bin`).
The selected shell was then executed as a login shell (`-l -c 'env -0'`) for PATH/environment probing.
On systems where a trusted-prefix directory is writable (for example common Homebrew layouts under `/opt/homebrew/bin`) and runtime `$SHELL` can be influenced, this enabled attacker-controlled binary execution in OpenClaw process context.
The fix removes the trusted-prefix executable fallback and now trusts only shells explicitly registered in `/etc/shells`; otherwise it falls back to `/bin/sh`.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected versions: `>= 2026.2.22, <= 2026.2.22-2`
- Latest published vulnerable version: `2026.2.22-2`
- Patched versions (released): `>= 2026.2.23`
### Fix Commit(s)
- `ff10fe8b91670044a6bb0cd85deb736a0ec8fb55`
### Release Process Note
This advisory sets `patched_versions` to the released version (`2026.2.23`).
This advisory now reflects released fix version `2026.2.23`.
OpenClaw thanks @tdjackey for reporting.
ghsa CVSS4.0
8.5
Vulnerability type
CWE-184
CWE-829
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026