Home / Vulnerability Intelligence / CVE-2026-29610

CVE-2026-29610 - Vulnerability Analysis

HighCVSS: 8.8

Last Updated: March 6, 2026

OpenClaw - Command Injection

Published: March 5, 2026Updated: March 6, 2026Remote Exploitable

Overview

OpenClaw < 2026.2.14 contains a command injection caused by manipulation of PATH environment variables in node-host execution or project-local bootstrapping, letting authenticated attackers execute arbitrary commands.

Severity & Score

Severity: High

CVSS Score: 8.8

EPSS Score: 6.5%(Probability of exploitation in next 30 days)

Impact

Authenticated attackers can execute arbitrary commands by hijacking PATH environment variables, potentially leading to full system compromise.

Mitigation

Update to version 2026.2.14 or later.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Mar 6, 2026

🟠 CVE-2026-29610 - High (7.8) OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers wi... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2026-29610/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2026-29610
Severity: High
CVSS Score: 8.8
Type: command_injection
Status: new
EPSS: 6.5%
Social Posts: 1

CWE

CWE-427

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

6.5%Probability of exploitation in the next 30 days