Zero Day Monitor (ZDM) © 2026
CVE-2026-34426 (CVSS 7.6, PATCHED)
OpenClaw · Environment Variable Handler

OpenClaw - Approval Bypass via Environment Variable Normalization

Description

OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability caused by inconsistent environment variable normalization between the approval path and the execution path. The approval path discards non-portable keys while the execution path accepts them, so attacker-controlled environment variables can reach execution without ever being validated by the approval system. This bypasses operator review and can influence runtime behavior, including execution of attacker-controlled binaries.

Affected Products

Vendor     Product                        Versions
OpenClaw   Environment Variable Handler   0

References

  • https://github.com/openclaw/openclaw/security/advisories/GHSA-98ch-45wp-ch47 (vendor-advisory)
  • https://github.com/openclaw/openclaw/pull/59182 (issue-tracking)
  • https://github.com/openclaw/openclaw/commit/b57b680c0c34de907d57f60c38fb358e82aef8f7 (patch)
  • https://www.vulncheck.com/advisories/openclaw-approval-bypass-via-environment-variable-normalization (third-party-advisory)

Related News (1 article)

VulDB (Tier C, 2d ago): CVE-2026-34426 | OpenClaw Environment Variable incomplete blacklist (GHSA-98ch-45wp-ch47). No new info (linked only).
CVSS 3.1: 7.6 (severity label: NONE)
CISA KEV: No
Actively exploited: No
Patch available: b57b680c0c34de907d57f60c38fb358e82aef8f7
CWE: CWE-184
Published: Apr 2, 2026
Last enriched: 2d ago (v2)
Trending Score: 18
Source articles: 1
Independent: 1
Info Completeness: 7/14
Missing: versions, epss, kev, exploit, patch, iocs, mitre_attack


Related CVEs (5)

HIGH · CVE-2026-34511 (EXP) · Trending: 37
OpenClaw < 2026.4.2 - PKCE Verifier Exposure via OAuth State Parameter

NONE · CVE-2026-33579 · Trending: 36
OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval

NONE · CVE-2026-34425 (EXP) · Trending: 34
OpenClaw - Shell-Bleed Protection Preflight Validation Bypass

CRITICAL · CVE-2026-28363 · Trending: 28
In OpenClaw before 2026.2.23, tools.exec.safeBins validation for sort could be bypassed via GNU long-option abbreviations (such as --compress-prog) in allowlist mode, leading to approval-free executio

CRITICAL · CVE-2026-30741 · Trending: 28
A remote code execution (RCE) vulnerability in OpenClaw Agent Platform v2026.2.6 allows attackers to execute arbitrary code via a Request-Side prompt injection attack.


Verification

State: verified
Confidence: 100%

Vulnerability Timeline

CVE Published: Apr 2, 2026
Discovered by ZDM: Apr 2, 2026
Updated (vendor, product): Apr 2, 2026
Patch Available: Apr 3, 2026

Version History

v2 (Tier C, 2d ago, via VulDB; fields changed: vendor, product)
Updated vendor to OpenClaw, product to Environment Variable Handler, severity to CRITICAL, and corrected exploit availability to false.

v1 (2d ago)
Initial creation