GHSA-rj39-33v7-9xrq: Duplicate Advisory: OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)
(updated )
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-xgf2-vxv2-rrmg. This link is maintained to preserve external references.
Original Description
OpenClaw versions prior to 2026.2.22 fail to sanitize shell startup environment variables HOME and ZDOTDIR in the system.run function, allowing attackers to bypass command allowlist protections. Remote attackers can inject malicious startup files such as .bash_profile or .zshenv to achieve arbitrary code execution before allowlist-evaluated commands are executed.
References
- github.com/advisories/GHSA-rj39-33v7-9xrq
- github.com/openclaw/openclaw/commit/c2c7114ed39a547ab6276e1e933029b9530ee906
- github.com/openclaw/openclaw/security/advisories/GHSA-xgf2-vxv2-rrmg
- nvd.nist.gov/vuln/detail/CVE-2026-32056
- www.vulncheck.com/advisories/openclaw-remote-code-execution-via-shell-startup-environment-variable-injection-in-system-run
Code Behaviors & Features
Detect and mitigate GHSA-rj39-33v7-9xrq with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →