CVE-2026-41294 Overview
OpenClaw before version 2026.3.28 contains an environment variable injection vulnerability that stems from improper loading order of .env configuration files. The application loads the current working directory (CWD) .env file before trusted state-dir configuration, enabling attackers to override runtime configuration and security-sensitive environment settings during OpenClaw startup.
Critical Impact
Attackers can place a malicious .env file in a repository or workspace to inject arbitrary environment variables, potentially hijacking application behavior, exfiltrating credentials, or escalating privileges within the affected system.
Affected Products
- OpenClaw versions prior to 2026.3.28
Discovery Timeline
- 2026-04-21 - CVE-2026-41294 published to NVD
- 2026-04-21 - Last updated in NVD database
Technical Details for CVE-2026-41294
Vulnerability Analysis
This vulnerability is classified under CWE-15 (External Control of System or Configuration Setting), which describes scenarios where an application allows external input to control system-level configurations without proper validation. In the case of OpenClaw, the application's startup sequence incorrectly prioritizes an untrusted .env file from the current working directory over the established state-dir configuration.
The flaw creates a scenario where any user who can place files in a directory where OpenClaw might be executed gains the ability to manipulate the application's runtime behavior. This is particularly dangerous in shared development environments, CI/CD pipelines, or when cloning untrusted repositories that may contain malicious .env files.
Root Cause
The root cause lies in the configuration loading order within OpenClaw's initialization routine. The application reads and processes environment variables from the CWD .env file before loading the trusted state-dir configuration, violating the principle of least privilege. This design flaw means that a locally placed .env file takes precedence over administrator-defined secure configurations.
Attack Vector
The attack requires local access (AV:L) with no privileges required to exploit, but it does require user interaction. The sequence is:
- The attacker places a crafted .env file in a directory where a victim is likely to execute OpenClaw
- The victim runs OpenClaw from that directory
- The malicious environment variables are loaded and applied during startup
- The injected configuration overrides security-sensitive settings
Common attack scenarios include:
- Planting malicious .env files in cloned Git repositories
- Placing .env files in shared workspace directories
- Targeting CI/CD pipeline directories where OpenClaw is executed
The vulnerability could be exploited to redirect API endpoints, modify authentication tokens, disable security features, or inject malicious paths into the application's runtime environment.
Detection Methods for CVE-2026-41294
Indicators of Compromise
- Unexpected .env files appearing in repository roots or workspace directories
- Modified environment variables in OpenClaw process context that differ from expected state-dir configuration
- Unusual network connections or API calls originating from OpenClaw processes
- File creation timestamps showing .env files created by non-administrative users
Detection Strategies
- Monitor file system events for .env file creation in directories where OpenClaw is commonly executed
- Implement file integrity monitoring on known OpenClaw execution directories
- Audit process environment variables during OpenClaw startup to detect unauthorized overrides
- Review Git repository contents for suspicious .env files before cloning or pulling
Monitoring Recommendations
- Enable verbose logging for OpenClaw configuration loading to track which .env files are processed
- Configure SIEM alerts for OpenClaw processes with unexpected environment variable values
- Implement endpoint detection rules that flag .env file creation in monitored directories
- Regularly scan repositories and workspaces for potentially malicious .env files
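As an added illustration (not OpenClaw's own code; the page does not show the real loader or its variable names), the following Python models the loading-order defect described under Root Cause and the startup audit recommended above: with the usual first-loaded-wins merge semantics, reading the CWD .env before the state-dir file lets it shadow trusted keys, while reading the state-dir file first does not. The OPENCLAW_* keys and file contents are constructed samples.

```python
from typing import Dict, Iterable, List

def parse_dotenv(text: str) -> Dict[str, str]:
    """Minimal KEY=VALUE parser; blank lines and # comments are ignored."""
    env: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("\"'")
    return env

def load_config(sources: Iterable[Dict[str, str]]) -> Dict[str, str]:
    """Merge in order; a key already set is never overridden, so the source
    loaded FIRST wins (the usual dotenv semantics, assumed here)."""
    merged: Dict[str, str] = {}
    for source in sources:
        for key, value in source.items():
            merged.setdefault(key, value)
    return merged

def startup_env(cwd_env: Dict[str, str], state_env: Dict[str, str],
                fixed: bool) -> Dict[str, str]:
    """Vulnerable order: CWD .env first (it wins). Fixed order: state-dir first."""
    return load_config([state_env, cwd_env] if fixed else [cwd_env, state_env])

def overridden_keys(trusted: Dict[str, str], effective: Dict[str, str]) -> List[str]:
    """Audit: trusted keys whose effective value differs from the state-dir value."""
    return sorted(k for k, v in trusted.items() if effective.get(k) != v)

# Constructed sample files (not real OpenClaw settings): the administrator's
# trusted state-dir .env and an untrusted .env found at a repository root.
TRUSTED_STATE_ENV = parse_dotenv("""
OPENCLAW_API_URL=https://api.internal.example
OPENCLAW_TLS_VERIFY=1
""")
UNTRUSTED_CWD_ENV = parse_dotenv("""
# planted in the working directory
OPENCLAW_API_URL=http://127.0.0.1:8080
OPENCLAW_TLS_VERIFY=0
OPENCLAW_LOG_LEVEL=debug
""")

if __name__ == "__main__":
    vulnerable = startup_env(UNTRUSTED_CWD_ENV, TRUSTED_STATE_ENV, fixed=False)
    patched = startup_env(UNTRUSTED_CWD_ENV, TRUSTED_STATE_ENV, fixed=True)
    print("vulnerable order, overridden:", overridden_keys(TRUSTED_STATE_ENV, vulnerable))
    print("patched order, overridden:", overridden_keys(TRUSTED_STATE_ENV, patched))
```

The same overridden_keys check can be run against a live process environment (for example os.environ) and the parsed state-dir file to implement the startup audit listed under Detection Strategies.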
How to Mitigate CVE-2026-41294
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.28 or later immediately
- Audit all existing .env files in directories where OpenClaw has been executed
- Review environment variable configurations in CI/CD pipelines that use OpenClaw
- Scan cloned repositories for unexpected .env files before execution
Patch Information
The vulnerability is fixed in OpenClaw version 2026.3.28, which corrects the configuration loading order to prioritize trusted state-dir configuration over CWD .env files. For detailed information about the fix, refer to the GitHub Security Advisory or the VulnCheck Advisory.
Workarounds
- Avoid executing OpenClaw from untrusted directories or cloned repositories
- Remove or rename any untrusted .env files before running OpenClaw in a directory
- Use explicit state-dir configuration paths and avoid relying on CWD-based configuration loading
- Implement directory-level access controls to prevent unauthorized .env file creation in OpenClaw execution paths
- Consider running OpenClaw in isolated environments or containers where the working directory can be strictly controlled
# Verify the installed OpenClaw version; anything before 2026.3.28 is vulnerable
openclaw --version
# List .env files modified in the last 7 days so untrusted ones can be reviewed and removed before execution
find /path/to/workspace -name ".env" -type f -mtime -7 -ls
# Point OpenClaw at an explicit trusted state-dir instead of relying on CWD-based configuration loading
export OPENCLAW_STATE_DIR=/etc/openclaw/trusted-config
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

