cbcvebase.
CVE-2026-24763
published 2026-02-02

Priority: P2 (64)
CVSS 3.1: 8.8 (high), vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.77% (90.8th percentile)
OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29.

Affected (3 ranges)

Vendor     Product     Version range        Fixed in
clawdbot   clawdbot    < 2026.1.29          2026.1.29
clawdbot   clawdbot    >= 0, < 2026.1.29    2026.1.29
openclaw   openclaw    < 2026.1.29          2026.1.29

Detection & IOCs (extracted from sources)

  • CVE-2026-24763 requires an authenticated user who can control environment variables; alert on environment variable modifications (especially PATH) by authenticated OpenClaw sessions preceding shell command execution.
  • CVE-2026-24763 is one of two command injection CVEs identified in OpenClaw (formerly Clawdbot/Moltbot); correlate with CVE-2026-25157 and CVE-2026-25253 for chained exploitation attempts targeting the gateway.
  • Vulnerability is fixed in version 2026.1.29; any OpenClaw instance running a version prior to 2026.1.29 is vulnerable.
  • Exploitation requires the attacker to be an authenticated user with the ability to control environment variables; unauthenticated exploitation is not described for this specific CVE, though an authentication bypass (a separate issue) exists in the gateway.
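As an added illustration of the bug class described above and of the detection guidance in the bullets (not OpenClaw's own code, and not the actual vulnerable code path): a PATH value spliced into a shell string beside the hardened form that validates it and passes it as a discrete argv element, plus a detector that flags sessions where a tampered PATH is set right before an exec. The allowlist regex and the log format are assumptions constructed for this example.

```python
import re

# Allowlist for a sane PATH: colon-separated absolute directories with no shell
# metacharacters. Constructed for this example; not OpenClaw's own check.
SAFE_PATH_RE = re.compile(r"^(/[A-Za-z0-9._+-]+)+(:(/[A-Za-z0-9._+-]+)+)*$")

def path_looks_tampered(path_value):
    """True when PATH contains anything a shell could interpret (';', '$(',
    quotes, relative entries). This is the signal the IOC bullets say to alert on."""
    return SAFE_PATH_RE.match(path_value) is None

def build_sandbox_command_unsafe(container, path_value, cmd):
    """Vulnerable pattern (illustrative): a user-influenced PATH is spliced into
    a shell string, so whatever the shell finds in path_value gets executed."""
    return f'docker exec {container} sh -c "PATH={path_value} {cmd}"'

def build_sandbox_argv(container, path_value, cmd_argv):
    """Hardened pattern: validate PATH, then hand it to docker as a discrete
    --env argument inside an argv list so no shell ever parses it."""
    if path_looks_tampered(path_value):
        raise ValueError(f"rejected PATH value: {path_value!r}")
    return ["docker", "exec", "--env", f"PATH={path_value}", container, *cmd_argv]

# Constructed log format: "... session=<id> event=<name> [key=<k> value=<v>]".
LOG_RE = re.compile(r"session=(\S+) event=(\w+)(?: key=(\S+) value=(.*))?$")

def sessions_with_tampered_path_before_exec(log_lines):
    """Detection: sessions in which an env_set of PATH to a tampered value is
    followed by an exec event, matching the first IOC bullet."""
    flagged, pending = [], set()
    for line in log_lines:
        m = LOG_RE.search(line)
        if not m:
            continue
        session, event, key, value = m.groups()
        if event == "env_set" and key == "PATH" and path_looks_tampered(value):
            pending.add(session)
        elif event == "exec" and session in pending:
            flagged.append(session)
            pending.discard(session)
    return flagged

# Constructed sample log lines (not real OpenClaw logs).
SAMPLE_LOG = [
    "2026-02-01T10:00:00Z session=s1 event=env_set key=PATH value=/usr/local/bin:/usr/bin",
    "2026-02-01T10:00:01Z session=s1 event=exec",
    "2026-02-01T10:00:02Z session=s2 event=env_set key=PATH value=/usr/bin; echo tampered",
    "2026-02-01T10:00:03Z session=s2 event=exec",
]
```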