CVE-2026-34426 in OpenClaw
Summary (English)
OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries.
Responsible
VulnCheck
Reserved
2026-03-27
Disclosed
2026-04-02
Status
Confirmed
Entries
VulDB provides additional information and datapoints for this CVE:
| Identifier | Vulnerability | CWE | Exploitable | Countermeasure | CVE |
|---|---|---|---|---|---|
| 354979 | OpenClaw Environment Variable privilege escalation | 184 | Not defined | Official fix | CVE-2026-34426 |
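
The bug class described in the summary, as an added example that is not OpenClaw's code: an approval view that silently drops non-portable keys while execution takes the raw request, next to a fail-closed variant in which execution receives only the object the operator approved. All function names, the portable-key pattern and the sample request are assumptions made for illustration.

```javascript
// Added illustration; hypothetical names, not taken from the OpenClaw code base.
// Assumed definition of a "portable" key: letters, digits, underscore, no leading digit.
const PORTABLE_KEY = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Constructed sample request: one portable key, one non-portable key.
const SAMPLE_REQUEST = { LANG: "C", "build.flag": "constructed-value" };

// One normalizer for every path. It reports what it rejects instead of hiding it.
function normalizeEnv(requested) {
  const env = Object.create(null); // no prototype, so a key like "__proto__" is plain data
  const rejected = [];
  for (const [key, value] of Object.entries(requested)) {
    if (PORTABLE_KEY.test(key)) env[key] = String(value);
    else rejected.push(key);
  }
  return { env, rejected };
}

// Mismatched design: the operator reviews the normalized view,
// but execution is built from the raw request.
function approvalViewLegacy(requested) { return normalizeEnv(requested).env; }
function executionEnvLegacy(requested) { return { ...requested }; }

// Audit helper: keys that reach execution without having been shown, or with a different value.
function unreviewedKeys(shown, executed) {
  return Object.keys(executed).filter((k) => !(k in shown) || shown[k] !== executed[k]);
}

// Hardened design: reject the whole request if any key was dropped, and hand
// execution the exact frozen object that the operator approved.
function approve(requested, operatorApproves) {
  const { env, rejected } = normalizeEnv(requested);
  if (rejected.length > 0) {
    throw new Error("rejected env keys: " + rejected.map((k) => JSON.stringify(k)).join(", "));
  }
  if (!operatorApproves(env)) throw new Error("operator denied request");
  return Object.freeze(env);
}
function executionEnvHardened(approvedEnv) { return { ...approvedEnv }; }
```

Running `unreviewedKeys` over the approval view and the execution environment of the same request is also usable as a regression test for the invariant that the two paths agree.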