OpenClaw versions prior to 2026.2.14 allow attackers to execute malicious programs
CVE-2026-29610
GHSA-jqpq-mgvm-f9r6
Summary
Older versions of OpenClaw can be tricked into running unauthorized programs, allowing attackers to gain control. This can happen if an attacker already has authenticated access to the system or can control the directories in which OpenClaw runs, because the program's allowlisted commands are located through the PATH environment variable rather than by a fixed location. Update to version 2026.2.14 or later to fix this issue.
What to do
- Update openclaw (steipete) to version 2026.2.14 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.14 | 2026.2.14 |
| openclaw | openclaw | <= 2026.2.14 | – |
Original title
OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host exec...
Original description
OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution surfaces or those running OpenClaw in attacker-controlled directories can place malicious executables in PATH to override allowlisted safe-bin commands and achieve arbitrary command execution.
Severity
| Source | Metric | Score |
|---|---|---|
| NVD | CVSS 3.1 | 8.8 |
| NVD | CVSS 4.0 | 7.7 |
Vulnerability type
- CWE-427: Uncontrolled Search Path Element
- CWE-78: OS Command Injection
- CWE-807: Reliance on Untrusted Inputs in a Security Decision
References
- https://github.com/openclaw/openclaw/releases/tag/v2026.2.14
- https://nvd.nist.gov/vuln/detail/CVE-2026-29610
- https://github.com/advisories/GHSA-jqpq-mgvm-f9r6
- https://github.com/openclaw/openclaw/commit/013e8f6b3be3333a229a066eef26a45fec47...
- https://github.com/openclaw/openclaw/security/advisories/GHSA-jqpq-mgvm-f9r6
- https://www.vulncheck.com/advisories/openclaw-command-hijacking-via-unsafe-path-...
Published: 5 Mar 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026