CVE-2026-34426 in OpenClaw
Summary (English)
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries.
Responsible
VulnCheck
Reserved
27.03.2026
Disclosure
02.04.2026
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| ID | Vulnerability | CWE | Exploit | Countermeasure | CVE |
|---|---|---|---|---|---|
| 354979 | OpenClaw Environment Variable privilege escalation | 184 | Not defined | Official fix | CVE-2026-34426 |