GHSA-MC68-Q9JW-2H3V

Vulnerability from github – Published: 2026-02-02 23:39 – Updated: 2026-02-03 16:13
VLAI?
Summary
OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
Details

Summary

A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands.

An authenticated user able to control environment variables could influence command execution within the container context. This issue has been fixed and regression tests have been added to prevent reintroduction.

Impact

In environments where Docker sandbox mode was enabled, authenticated users capable of supplying environment variables could affect the behavior of commands executed inside the container.

This could lead to: 1. Execution of unintended commands inside the container 2. Access to the container filesystem and environment variables 3. Exposure of sensitive data 4. Increased risk in misconfigured or privileged container environments

Severity ?
8.8 (High)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "database_specific": {
        "last_known_affected_version_range": "\u003c= 2026.1.24"
      },
      "package": {
        "ecosystem": "npm",
        "name": "clawdbot"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.1.29"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-24763"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-78"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-02T23:39:47Z",
    "nvd_published_at": "2026-02-02T23:16:08Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nA Command Injection vulnerability existed in Clawdbot\u2019s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands.\n\nAn authenticated user able to control environment variables could influence command execution within the container context.\nThis issue has been fixed and regression tests have been added to prevent reintroduction.\n\n### Impact\nIn environments where Docker sandbox mode was enabled, authenticated users capable of supplying environment variables could affect the behavior of commands executed inside the container.\n\nThis could lead to:\n1. Execution of unintended commands inside the container\n2. Access to the container filesystem and environment variables\n3. Exposure of sensitive data\n4. Increased risk in misconfigured or privileged container environments",
  "id": "GHSA-mc68-q9jw-2h3v",
  "modified": "2026-02-03T16:13:06Z",
  "published": "2026-02-02T23:39:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/clawdbot/clawdbot/security/advisories/GHSA-mc68-q9jw-2h3v"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-mc68-q9jw-2h3v"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24763"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/771f23d36b95ec2204cc9a0054045f5d8439ea75"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.1.29"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.