CVE-2026-29610
Published: 2026-03-05
Priority: P2 · 60 · high · 8.8 (CVSS 3.1)
CVSS 3.1 vector: AV:N AC:L PR:L UI:N S:U C:H I:H A:H
EPSS: 0.46% (36.8th percentile)
OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution surfaces or those running OpenClaw in attacker-controlled directories can place malicious executables in PATH to override allowlisted safe-bin commands and achieve arbitrary command execution.
Affected (2 ranges reported; both describe the same set of versions, everything before 2026.2.14)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openclaw | openclaw | < 2026.2.14 | 2026.2.14 |
| openclaw | openclaw | >= 0 < 2026.2.14 | 2026.2.14 |
Detection & IOCs (extracted from sources)
- Detect placement of malicious executables in PATH directories that shadow allowlisted safe-bin commands used by OpenClaw (PATH hijacking / command hijacking pattern).
- Monitor for OpenClaw node-host execution surfaces being invoked with a modified or attacker-controlled PATH environment variable.
- Alert on OpenClaw processes spawning child processes from non-standard or user-writable directories (indicative of project-local bootstrapping abuse in attacker-controlled directories).
- Only OpenClaw versions prior to 2026.2.14 are affected; 2026.2.14 and later (fixed in npm on Mar 08, 2026 and in Homebrew on Mar 12, 2026) are not.
- Exploitation requires either authenticated access to node-host execution surfaces or the ability to run OpenClaw in an attacker-controlled directory; unauthenticated remote exploitation is not described.
CVSS provenance
NVD v3.1: 8.8 HIGH, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD v4.0: 7.7 HIGH, CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X (threat and environmental metrics not defined; AT:P, attack requirements present, is what places the v4.0 score below the v3.1 one)
GHSA
ghsa · 2026-02-18
CVE-2026-29610 [HIGH] CWE-427 (Uncontrolled Search Path Element): OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)
# Command hijacking via PATH handling
**Discovered:** 2026-02-04
**Reporter:** @akhmittra
## Summary
OpenClaw previously accepted untrusted PATH sources in limited situations. In affected versions, this could cause OpenClaw to resolve and execute an unintended binary ("command hijacking") when running host commands.
This issue primarily matters when OpenClaw is relying on allowlist/safe-bin protections and expects `PATH` to be trustworthy.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Affected: `< 2026.2.14`
- Fixed: `>= 2026.2.14` (planned next release)
## What Is Required To Trigger This
### A) Node Host PATH override (remote command hijack)
An attacker needs all of the following:
- Authent
OSV
osv · 2026-02-18
CVE-2026-29610 [HIGH] OpenClaw: Command hijacking via unsafe PATH handling (bootstrapping + node-host PATH overrides)
(The OSV entry reproduces the GHSA advisory above verbatim: same summary, affected package and trigger conditions.)
No detection rules found.
No public exploits indexed.