CVE-2026-24763 – OpenClaw Command Injection Vulnerabilities

CVSS 8.8 IMPORTANT

“These OpenClaw bugs turn a helpful AI assistant into a potential command execution engine for attackers.”

Multiple high-severity vulnerabilities in OpenClaw, a self-hosted AI assistant platform, allow attackers to execute arbitrary system commands under certain conditions. The issues are tracked as CVE-2026-24763 and CVE-2026-25593, both stemming from improper handling of command execution paths and configuration values that can be manipulated by attackers.

CVE-2026-24763 carries a CVSS v3.1 score of 8.8 (High). In versions prior to 2026.1.29, OpenClaw improperly handles the PATH environment variable when constructing shell commands inside its Docker sandbox execution environment. An authenticated user capable of influencing environment variables can inject malicious commands, allowing execution within the container and potentially exposing sensitive data or system resources.

CVE-2026-25593 carries a CVSS v3.1 score of 8.4 (High). Versions prior to 2026.1.20 allow an unauthenticated local client to abuse the Gateway WebSocket API through the config.apply function. By setting unsafe cliPath values in configuration files, an attacker can trigger command injection when the system performs command discovery, resulting in arbitrary command execution with the privileges of the gateway process user.

Security updates in OpenClaw versions 2026.1.20 and 2026.1.29 correct the unsafe command handling and configuration validation that enabled these attacks.

Key Details

Affected Product: Openclaw Openclaw
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
CWE Classification: CWE-78