CVE-2026-43584 - Vulnerability Analysis
High | CVSS: 8.8 | Last Updated: May 6, 2026
OpenClaw - Insufficient Environment Variable Denylist
Published: May 6, 2026 | Updated: May 6, 2026 | Remote Exploitable
Overview
OpenClaw versions before 2026.4.10 contain an insufficient environment variable denylist in the exec environment policy. The gap lets attackers manipulate high-risk interpreter startup variables to influence execution or network behavior. Exploitation requires operator-supplied environment variable overrides.
Severity & Score
Severity: High
CVSS Score: 8.8
Impact
Attackers can manipulate interpreter startup variables to alter execution behavior or network connectivity, potentially leading to unauthorized actions or disruptions.
Mitigation
Update to version 2026.4.10 or later.
Details
- CVE ID: CVE-2026-43584
- Severity: High
- CVSS Score: 8.8
- Type: undefined
- Status: unconfirmed
CWE
- CWE-184
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H