CVE-2026-34426

HIGH

OpenClaw - Approval Bypass via Environment Variable Normalization

Title source: cna

Description

OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries.

References (4)

Core 4

Core References

Vendor Advisory vendor-advisory

GitHub Security Advisory (GHSA-h3x4-hc5v-v2gm)

https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47

Issue Tracking issue-tracking

Patch Commit #1

https://github.com/openclaw/openclaw/pull/59182

Patch patch

https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7

View Patch ZIP pw:eip

Third Party Advisory third-party-advisory

https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-environment-variable-normalization

Scores

CVSS v3 7.6

EPSS 0.0026

EPSS Percentile 17.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-184

Status published

Products (3)

npm/openclaw 0 - 2026.3.22npm

openclaw/openclaw < 2026.4.2

OpenClaw/OpenClaw < b57b680c0c34de907d57f60c38fb358e82aef8f7

Published Apr 02, 2026

Tracked Since Apr 03, 2026