CVE-2026-24763
Published 2026-02-02
Priority: P2 (64) · Severity: high · CVSS 3.1 base score: 8.8
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.77% (90.8th percentile)
OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clawdbot | clawdbot | < 2026.1.29 | 2026.1.29 |
| clawdbot | clawdbot | >= 0 < 2026.1.29 | 2026.1.29 |
| openclaw | openclaw | < 2026.1.29 | 2026.1.29 |
Detection & IOCs (extracted from sources)
- CVE-2026-24763 requires an authenticated user who can control environment variables; alert on environment variable modifications (especially PATH) by authenticated OpenClaw sessions preceding shell command execution.
- CVE-2026-24763 is one of two command injection CVEs identified in OpenClaw (formerly Clawdbot/Moltbot); correlate with CVE-2026-25157 and CVE-2026-25253 for chained exploitation attempts targeting the gateway.
- The vulnerability is fixed in version 2026.1.29; any OpenClaw instance running a version prior to 2026.1.29 is vulnerable.
- Exploitation requires the attacker to be an authenticated user with the ability to control environment variables; unauthenticated exploitation is not described for this specific CVE, though an authentication bypass (a separate issue) exists in the gateway.
GHSA
OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
ghsa · 2026-02-02 · CVE-2026-24763 · HIGH · CWE-78
### Summary
A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands.
An authenticated user able to control environment variables could influence command execution within the container context.
This issue has been fixed and regression tests have been added to prevent reintroduction.
### Impact
In environments where Docker sandbox mode was enabled, authenticated users capable of supplying environment variables could affect the behavior of commands executed inside the container.
This could lead to:
1. Execution of unintended commands inside the container
2. Access to
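The weakness the advisory describes, a caller-controlled PATH value spliced into a shell command string, shown beside a hardened builder that validates the value and passes it as a discrete `docker exec -e` argument so no shell ever parses it. This is an added illustration, not OpenClaw's code; the function names, the allowed character set and the container name `sandbox-1` are assumptions.

```typescript
// Added example (not OpenClaw's code). All names and the allowed character
// set below are hypothetical choices for illustration.

// A PATH value must be a colon-separated list of absolute directories built
// from a shell-neutral alphabet: no quotes, backticks, `;`, `$`, spaces or
// newlines, so nothing in it can change the command a shell would run.
const SAFE_PATH = /^\/[A-Za-z0-9._\/-]*(?::\/[A-Za-z0-9._\/-]*)*$/;

function isSafePathValue(value: string): boolean {
  return value.length <= 4096 && SAFE_PATH.test(value);
}

// Weak pattern (CWE-78): the user-supplied value is interpolated into one
// string that is handed to `sh -c`, so shell metacharacters inside the value
// are interpreted as part of the command rather than as data.
function buildUnsafeCommand(container: string, userPath: string, cmd: string): string {
  return `docker exec ${container} sh -c "PATH=${userPath} ${cmd}"`;
}

// Hardened pattern: reject anything outside the allowed alphabet, then pass
// the variable as its own argv element via `-e`. The command is spawned from
// an argv array (e.g. child_process.execFile without a shell), never from a
// shell string, so the value stays an opaque environment setting.
function buildSafeArgv(container: string, userPath: string, cmd: string[]): string[] {
  if (!isSafePathValue(userPath)) {
    throw new Error("rejected PATH value: characters outside the allowed set");
  }
  return ["docker", "exec", "-e", `PATH=${userPath}`, container, ...cmd];
}

// Constructed inputs: a normal value is accepted, one carrying a shell
// separator is refused before any command is assembled.
const accepted = buildSafeArgv("sandbox-1", "/usr/local/bin:/usr/bin:/bin", ["ls", "-la"]);
console.log(accepted.join(" "));
try {
  buildSafeArgv("sandbox-1", "/usr/bin:/tmp; echo rejected", ["ls"]);
} catch (e) {
  console.log((e as Error).message);
}
```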
OSV
OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
osv · 2026-02-02 · CVE-2026-24763 · HIGH
No detection rules found.
No public exploits indexed.
Tenable
Clawdbot: How to Mitigate Agentic AI Security Vulnerabilities
blogs_tenable · 2026-02-03
Wiz
CVE-2026-24763 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz · CVSS 8.8 · CVE-2026-24763 · HIGH
## CVE-2026-24763: Homebrew vulnerability analysis and mitigation
Source: NVD
- Score: 8.8 (CNA score 8.8)
- Severity: HIGH
- Published: February 2, 2026
- Affected technologies: Homebrew; OpenClaw (formerly Moltbot or Clawdbot)
- Has public exploit: No
- Has CISA KEV exploit: No
- CISA KEV release date: N/A
- CISA KEV due date: N/A
- Exploitation probability: not given
- Published: 2026-02-02