CVE-2026-22217 Overview
CVE-2026-22217 is an arbitrary code execution vulnerability affecting OpenClaw version 2026.2.22, i.e. releases prior to 2026.2.23. The vulnerability exists in the shell-env component and allows attackers to execute attacker-controlled binaries by exploiting the trusted-prefix fallback logic applied to the $SHELL environment variable. An attacker who can influence $SHELL on a system where a trusted-prefix directory such as /opt/homebrew/bin is writable can cause OpenClaw to execute an arbitrary binary in the OpenClaw process context.
Critical Impact
Successful exploitation allows local attackers to execute arbitrary code within the OpenClaw process context by placing malicious binaries in writable trusted-prefix directories.
Affected Products
- OpenClaw versions prior to 2026.2.23
- OpenClaw for Node.js (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*)
Discovery Timeline
- 2026-03-18 - CVE-2026-22217 published to NVD
- 2026-03-18 - Last updated in NVD database
Technical Details for CVE-2026-22217
Vulnerability Analysis
This vulnerability stems from insecure handling of shell environment variable resolution in OpenClaw's shell-env.ts component. The application implements a trusted-prefix fallback mechanism that validates whether the $SHELL environment variable points to a shell binary within predefined "trusted" directories. However, certain directories in this trusted list, particularly /opt/homebrew/bin/, may be writable by non-privileged users on some system configurations.
When OpenClaw resolves the shell path, it checks if the $SHELL value begins with one of the trusted prefixes without verifying whether the binary is actually a legitimate shell listed in /etc/shells. This allows an attacker with write access to a trusted-prefix directory to place a malicious binary there and manipulate the $SHELL environment variable to point to it, resulting in arbitrary code execution within the OpenClaw process context.
Root Cause
The root cause is the inclusion of functionality from an untrusted control sphere (CWE-829) in the shell resolution logic. The vulnerable code defined a hardcoded list of trusted shell prefixes, including directories that may be writable by unprivileged users:
const TRUSTED_SHELL_PREFIXES = [
"/bin/",
"/usr/bin/",
"/usr/local/bin/",
"/opt/homebrew/bin/",
"/run/current-system/sw/bin/",
];
The prefix-based validation approach is fundamentally flawed because it trusts any binary residing in these directories rather than validating against the system's authoritative list of valid shells in /etc/shells.
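To make the difference between the two approaches concrete, the following is an added example (not OpenClaw's code): a prefix check reconstructed from the array quoted above, beside a hardened resolver that only honours $SHELL when it is an exact entry in /etc/shells. The function names, the sample /etc/shells content and the sample $SHELL value are constructed for illustration; the prefix list itself is copied from the advisory text. The hardened resolver normalizes the candidate path before the lookup and falls back to /bin/sh whenever the authoritative list is unavailable.

```typescript
// Added example: vulnerable prefix check vs. /etc/shells validation.
// Not OpenClaw's code; the prefix list is copied from the advisory text,
// everything else (function names, sample inputs) is assumed for illustration.
import * as fs from "node:fs";
import * as path from "node:path";

// The hardcoded list quoted in the advisory.
const TRUSTED_SHELL_PREFIXES = [
  "/bin/",
  "/usr/bin/",
  "/usr/local/bin/",
  "/opt/homebrew/bin/",
  "/run/current-system/sw/bin/",
];

const DEFAULT_SHELL = "/bin/sh";

// Vulnerable pattern: any path under a "trusted" directory is accepted,
// so a binary dropped into a user-writable prefix directory passes the check.
export function acceptedByPrefix(shell: string): boolean {
  return TRUSTED_SHELL_PREFIXES.some((prefix) => shell.startsWith(prefix));
}

// Parse /etc/shells: one absolute path per line; '#' comments and blanks ignored.
export function parseEtcShells(content: string): Set<string> {
  const shells = new Set<string>();
  for (const rawLine of content.split("\n")) {
    const line = rawLine.trim();
    if (line === "" || line.startsWith("#")) continue;
    if (!path.posix.isAbsolute(line)) continue; // malformed entry, skip it
    shells.add(path.posix.normalize(line));
  }
  return shells;
}

// Load the system list; null means "no authoritative list available".
export function loadEtcShells(file = "/etc/shells"): Set<string> | null {
  try {
    return parseEtcShells(fs.readFileSync(file, "utf8"));
  } catch {
    return null;
  }
}

// Hardened pattern: $SHELL is honoured only if it is an exact entry in
// /etc/shells; anything else (including a missing list) falls back to /bin/sh.
export function resolveShell(
  envShell: string | undefined,
  etcShells: Set<string> | null,
): string {
  if (!envShell || !path.posix.isAbsolute(envShell)) return DEFAULT_SHELL;
  if (etcShells === null) return DEFAULT_SHELL;
  const candidate = path.posix.normalize(envShell);
  return etcShells.has(candidate) ? candidate : DEFAULT_SHELL;
}

// Constructed sample /etc/shells (not taken from any real host).
export const SAMPLE_ETC_SHELLS = `# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/zsh
`;

// Constructed $SHELL value pointing at a non-shell binary in a prefix directory.
export const SUSPICIOUS_SHELL = "/opt/homebrew/bin/not-a-shell";

// Run both checks against the constructed input.
export function demo(): { prefixAccepts: boolean; hardenedResolves: string } {
  const etcShells = parseEtcShells(SAMPLE_ETC_SHELLS);
  return {
    prefixAccepts: acceptedByPrefix(SUSPICIOUS_SHELL), // true: the bug
    hardenedResolves: resolveShell(SUSPICIOUS_SHELL, etcShells), // "/bin/sh"
  };
}

console.log(demo());
```

On a real host you would pass `loadEtcShells()` instead of the constructed sample; the point of the example is that the prefix check accepts the constructed `/opt/homebrew/bin/not-a-shell` value while the /etc/shells lookup rejects it and keeps the safe default.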
Attack Vector
The attack requires local access and involves the following steps:
- The attacker identifies a writable trusted-prefix directory (e.g., /opt/homebrew/bin/)
- The attacker places a malicious executable in the writable directory
- The attacker sets the $SHELL environment variable to point to the malicious binary
- When OpenClaw executes and invokes shell operations, the prefix check accepts the path because it begins with a trusted prefix
- The malicious binary executes within the OpenClaw process context
The security patch removes the vulnerable trusted-prefix array entirely, requiring validation against /etc/shells instead:
// Security patch in src/infra/shell-env.ts
// fix(security): require /etc/shells for shell env fallback
const DEFAULT_TIMEOUT_MS = 15_000;
const DEFAULT_MAX_BUFFER_BYTES = 2 * 1024 * 1024;
const DEFAULT_SHELL = "/bin/sh";
-const TRUSTED_SHELL_PREFIXES = [
- "/bin/",
- "/usr/bin/",
- "/usr/local/bin/",
- "/opt/homebrew/bin/",
- "/run/current-system/sw/bin/",
-];
let lastAppliedKeys: string[] = [];
let cachedShellPath: string | null | undefined;
let cachedEtcShells: Set<string> | null | undefined;
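Review bot: the hunk removes TRUSTED_SHELL_PREFIXES but shows none of the replacement logic, and the new module-level `cachedEtcShells: Set<string> | null | undefined` needs a comment stating what `null` versus `undefined` mean and what happens when /etc/shells is unreadable, i.e. whether resolution then falls back to `DEFAULT_SHELL = "/bin/sh"` rather than honouring `$SHELL`. A process-lifetime cache also never observes later edits to /etc/shells; if that is intended, say so next to the declaration.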
Source: GitHub Commit Changes
Detection Methods for CVE-2026-22217
Indicators of Compromise
- Unexpected binaries appearing in /opt/homebrew/bin/ or other trusted-prefix directories
- Unusual $SHELL environment variable values pointing to non-standard shell binaries
- OpenClaw processes spawning suspicious child processes
- Modifications to user shell configuration files pointing to untrusted locations
Detection Strategies
- Monitor file creation events in directories like /opt/homebrew/bin/, /usr/local/bin/, and similar trusted-prefix paths
- Implement file integrity monitoring (FIM) for critical directories
- Alert on environment variable manipulation attempts targeting $SHELL
- Review OpenClaw process trees for anomalous child process execution patterns
Monitoring Recommendations
- Enable audit logging for file system changes in trusted-prefix directories
- Configure SentinelOne to monitor for suspicious binary execution from writable directories
- Implement behavioral detection for processes attempting to modify $SHELL variables
- Review system logs for OpenClaw instances executing unexpected binaries
How to Mitigate CVE-2026-22217
Immediate Actions Required
- Upgrade OpenClaw to version 2026.2.23 or later immediately
- Audit file permissions on /opt/homebrew/bin/ and other trusted-prefix directories
- Review and remove any suspicious binaries from trusted-prefix directories
- Restrict write access to trusted-prefix directories to privileged users only
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.2.23. The fix removes the vulnerable trusted-prefix array and instead requires shell binaries to be validated against the system's /etc/shells file, which provides a secure authoritative source for valid shell binaries.
For detailed patch information, refer to the GitHub Security Advisory and the commit implementing the fix.
Workarounds
- Restrict write permissions on /opt/homebrew/bin/ and similar directories to root or administrators only
- Ensure $SHELL environment variable is set to a valid shell listed in /etc/shells
- Implement application whitelisting to prevent execution of unauthorized binaries
- Run OpenClaw in a sandboxed environment with restricted file system access
# Configuration example - Restrict permissions on writable trusted-prefix directories
sudo chmod 755 /opt/homebrew/bin
sudo chown root:admin /opt/homebrew/bin
# Verify $SHELL is a valid system shell (exact, whole-line match; a substring or empty match must not pass)
grep -qxF -- "$SHELL" /etc/shells || echo "Warning: Current shell not in /etc/shells"
# Audit for unexpected files in trusted directories (files newer than the last install log)
find /opt/homebrew/bin -type f -newer /var/log/install.log -ls
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.