Description

OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.

INFO

Published Date: 2026-02-02T21:53:07.640Z

Last Modified: 2026-02-04T16:53:56.345Z

Source: GitHub_M

AFFECTED PRODUCTS

The following products are affected by the CVE-2026-24763 vulnerability.

Vendor: Openclaw
Products:
  • Openclaw

CVSS Vulnerability Scoring System

Vector metrics: Attack Vector, Attack Complexity, Privileges Required, User Interaction, Scope, Confidentiality Impact, Integrity Impact, Availability Impact.