CVE-2026-43584: OpenClaw RCE Vulnerability

CVE-2026-43584 is a remote code execution flaw in OpenClaw caused by insufficient environment variable controls. Attackers can manipulate startup variables to execute malicious code. This article covers technical details, affected versions, impact, and mitigation strategies.

Published: May 7, 2026

CVE-2026-43584 Overview

CVE-2026-43584 is a high-severity vulnerability in OpenClaw versions before 2026.4.10. The flaw exists in the exec environment policy, which uses an insufficient environment variable denylist [CWE-184]. The policy fails to block operator-supplied overrides of high-risk interpreter startup variables, including VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES. Authenticated attackers can manipulate these variables to alter downstream execution behavior or redirect network connectivity.

Critical Impact

Attackers with low-privilege access can override interpreter initialization variables to execute arbitrary code in spawned processes and influence DNS resolution through HOSTALIASES, compromising the confidentiality, integrity, and availability of the host environment.

Affected Products

  • OpenClaw versions prior to 2026.4.10
  • OpenClaw HostEnvSanitizer component (macOS Sources)
  • Deployments using the default HostEnvSecurityPolicy exec environment policy

Discovery Timeline

  • 2026-05-06 - CVE-2026-43584 published to NVD
  • 2026-05-06 - Last updated in NVD database

Technical Details for CVE-2026-43584

Vulnerability Analysis

The vulnerability stems from an incomplete denylist in OpenClaw's exec environment policy. The policy enumerates environment variables that must not be inherited or overridden when spawning child processes, but the original list omits several interpreter startup variables. Attackers exploit this gap by supplying operator-controlled values for variables that interpreters and resolver libraries read at process startup.

Variables such as VIMINIT and EXINIT cause vim and ex to execute attacker-controlled commands on launch. LUA_INIT instructs the Lua interpreter to evaluate arbitrary code or load a chosen file before user scripts run. HOSTALIASES redirects unqualified hostname lookups to attacker-defined mappings, enabling traffic redirection without modifying /etc/hosts or requiring elevated privileges.

Root Cause

The root cause is an incomplete denylist pattern [CWE-184]. The HostEnvSecurityPolicy enumerated blockedKeys, blockedPrefixes, and blockedOverrideKeys, but did not separately enforce a list of inherited keys and prefixes that must always be stripped. Any interpreter startup variable not explicitly listed could be passed through to child processes.

Attack Vector

Exploitation requires network access and low privileges. An authenticated operator submits a request that sets one of the unblocked variables. When OpenClaw spawns a downstream process such as a Vim, Lua, or shell helper, the unsanitized variable is inherited and triggers attacker-controlled execution or hostname redirection.
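As an added illustration of the gap described under Root Cause and Attack Vector (example code, not OpenClaw's own; every policy entry other than the four advisory-named variables is constructed, and how the real HostEnvSecurityPolicy orders its checks is an assumption), the following JavaScript models the pre-patch and patched denylists side by side:

```javascript
// Added illustration of the denylist gap, not OpenClaw's code. It models an
// exec environment policy with the three sets the advisory says existed and
// the two sets the patch adds. All entries are constructed except the four
// advisory-named variables; the check order in the real policy is assumed.
const PRE_PATCH_POLICY = {
  blockedKeys: ["LD_PRELOAD"],   // constructed: never allowed from any source
  blockedPrefixes: ["DYLD_"],    // constructed: prefix match, never allowed
  blockedOverrideKeys: ["PATH"], // constructed: host value kept, operator may not replace
  blockedInheritedKeys: [],      // the gap: no interpreter startup variables listed
  blockedInheritedPrefixes: [],
};

const PATCHED_POLICY = {
  ...PRE_PATCH_POLICY,
  blockedInheritedKeys: ["VIMINIT", "EXINIT", "HOSTALIASES"],
  // A prefix entry also catches versioned variants such as LUA_INIT_5_4, which
  // the Lua interpreter honours (assumed here, not taken from the real policy).
  blockedInheritedPrefixes: ["LUA_INIT"],
};

const matches = (key, keys, prefixes) =>
  keys.includes(key) || prefixes.some((p) => key.startsWith(p));

// Keys removed no matter whether they come from the host or the operator.
function mustStrip(policy, key) {
  return matches(key, policy.blockedKeys, policy.blockedPrefixes) ||
    matches(key, policy.blockedInheritedKeys, policy.blockedInheritedPrefixes);
}

// Child environment = host environment minus stripped keys, then operator
// overrides minus stripped keys and keys the policy forbids overriding.
function buildChildEnv(policy, hostEnv, operatorOverrides) {
  const child = {};
  for (const [key, value] of Object.entries(hostEnv)) {
    if (!mustStrip(policy, key)) child[key] = value;
  }
  for (const [key, value] of Object.entries(operatorOverrides)) {
    if (mustStrip(policy, key) || policy.blockedOverrideKeys.includes(key)) continue;
    child[key] = value;
  }
  return child;
}

// Constructed sample: a minimal host environment and an operator request
// that tries to set interpreter startup and resolver variables.
const SAMPLE_HOST_ENV = { HOME: "/Users/svc-openclaw", PATH: "/usr/bin:/bin" };
const SAMPLE_OVERRIDES = { VIMINIT: "x", LUA_INIT_5_4: "x", HOSTALIASES: "/tmp/x",
  PATH: "/tmp/x", TERM: "xterm" };
console.log("before:", Object.keys(buildChildEnv(PRE_PATCH_POLICY, SAMPLE_HOST_ENV, SAMPLE_OVERRIDES)));
console.log("after:", Object.keys(buildChildEnv(PATCHED_POLICY, SAMPLE_HOST_ENV, SAMPLE_OVERRIDES)));
```

With the pre-patch policy the operator's VIMINIT, LUA_INIT_5_4 and HOSTALIASES all reach the child; with the patched policy only HOME, PATH and TERM survive.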

```diff
// Security patch: apps/macos/Sources/OpenClaw/HostEnvSanitizer.swift
 enum HostEnvSanitizer {
     /// Generated from src/infra/host-env-security-policy.json via scripts/generate-host-env-security-policy-swift.mjs.
     /// Parity is validated by src/infra/host-env-security.policy-parity.test.ts.
+    private static let blockedInheritedKeys = HostEnvSecurityPolicy.blockedInheritedKeys
+    private static let blockedInheritedPrefixes = HostEnvSecurityPolicy.blockedInheritedPrefixes
     private static let blockedKeys = HostEnvSecurityPolicy.blockedKeys
     private static let blockedPrefixes = HostEnvSecurityPolicy.blockedPrefixes
     private static let blockedOverrideKeys = HostEnvSecurityPolicy.blockedOverrideKeys
```
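Review bot: the excerpt only declares the two new constants; the code path that consults blockedInheritedKeys and blockedInheritedPrefixes when the inherited environment is filtered is not in this hunk, so confirm that the sanitizer's filtering logic actually applies them rather than merely importing them, and that src/infra/host-env-security.policy-parity.test.ts (named in the doc comment) also compares the two new sets against host-env-security-policy.json. A Swift-side test that sanitizes an environment containing VIMINIT and asserts it is absent from the result would make the fix observable in this file.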

Source: GitHub Commit 2d126fc. The patch introduces blockedInheritedKeys and blockedInheritedPrefixes sets, expanding the sanitizer to strip interpreter startup variables before child process execution.

Detection Methods for CVE-2026-43584

Indicators of Compromise

  • Process telemetry showing vim, ex, lua, or related interpreters spawned by OpenClaw worker processes with non-empty VIMINIT, EXINIT, or LUA_INIT environment variables.
  • DNS resolution anomalies where short hostnames resolve to unexpected addresses correlated with HOSTALIASES being set in a child process environment.
  • OpenClaw audit logs containing operator-submitted environment variables matching interpreter startup names.

Detection Strategies

  • Inventory all OpenClaw deployments and verify whether the running version is below 2026.4.10.
  • Hunt across endpoint and process telemetry for child processes that inherit environment variables named VIMINIT, EXINIT, LUA_INIT, or HOSTALIASES.
  • Compare submitted operator payloads against the expanded denylist defined in the upstream host-env-security-policy.json.
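The indicators and hunting steps above, as added example hunting logic over process-creation telemetry (not a SentinelOne query or OpenClaw code; the event fields image, parentImage and env are assumed, and the sample events are constructed):

```javascript
// Added hunting logic for the indicators listed on this page; not a
// SentinelOne or OpenClaw artefact. The event shape (pid, image, parentImage,
// env) is assumed: map it onto the fields your EDR's process events carry.
const STARTUP_VARS = ["VIMINIT", "EXINIT", "LUA_INIT", "HOSTALIASES"];
const INTERPRETERS = ["vim", "vi", "ex", "lua"];

const basename = (path) => path.slice(path.lastIndexOf("/") + 1);

// Startup variables present with a non-empty value. Each name is also matched
// as a prefix so versioned forms such as LUA_INIT_5_4 are caught.
function startupVarsSet(env) {
  return Object.keys(env).filter(
    (k) => env[k] !== "" && STARTUP_VARS.some((v) => k === v || k.startsWith(v + "_")),
  );
}

// One finding per child of an OpenClaw process that either inherited a
// startup variable or is an interpreter binary. Children of other parents
// are ignored even when they carry the same variables, to keep noise down.
function huntProcessEvents(events) {
  const findings = [];
  for (const e of events) {
    if (!basename(e.parentImage).toLowerCase().startsWith("openclaw")) continue;
    const reasons = [];
    const vars = startupVarsSet(e.env);
    if (vars.length > 0) reasons.push("inherited " + vars.join(","));
    if (INTERPRETERS.includes(basename(e.image))) reasons.push("interpreter spawned by OpenClaw");
    if (reasons.length > 0) findings.push({ pid: e.pid, image: e.image, reasons });
  }
  return findings;
}

// Constructed sample telemetry: a benign shell helper, a vim child with
// VIMINIT set, a lua child with a versioned LUA_INIT, and an unrelated vim.
const SAMPLE_EVENTS = [
  { pid: 101, image: "/bin/sh", parentImage: "/usr/local/bin/openclaw", env: { PATH: "/usr/bin" } },
  { pid: 102, image: "/usr/bin/vim", parentImage: "/usr/local/bin/openclaw", env: { VIMINIT: "x", PATH: "/usr/bin" } },
  { pid: 103, image: "/usr/bin/lua", parentImage: "/usr/local/bin/openclaw", env: { LUA_INIT_5_4: "x" } },
  { pid: 104, image: "/usr/bin/vim", parentImage: "/bin/zsh", env: { VIMINIT: "x" } },
];

for (const f of huntProcessEvents(SAMPLE_EVENTS)) console.log(f.pid, f.image, f.reasons.join("; "));
```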

Monitoring Recommendations

  • Alert on any execution of interpreter binaries spawned by OpenClaw service accounts outside of expected automation paths.
  • Monitor outbound DNS and TCP connections from OpenClaw workers for destinations not present in approved allowlists.
  • Capture and retain process environment snapshots for forensic review of suspected exploitation attempts.

How to Mitigate CVE-2026-43584

Immediate Actions Required

  • Upgrade OpenClaw to version 2026.4.10 or later, which contains the expanded denylist fix.
  • Restrict operator submission of environment variables at the network boundary until the upgrade is complete.
  • Audit existing operator-supplied environment overrides for the presence of interpreter startup variables.

Patch Information

The fix is delivered in commit 2d126fc62343a7b6895351f96e4e1474bc358140 and tracked under the GitHub Security Advisory GHSA-vfp4-8x56-j7c5. Additional context is available in the VulnCheck Advisory. The patch adds blockedInheritedKeys and blockedInheritedPrefixes to HostEnvSecurityPolicy and wires them into HostEnvSanitizer to strip interpreter startup and resolver variables.

Workarounds

  • If patching is not immediately possible, configure a custom environment policy that explicitly denies VIMINIT, EXINIT, LUA_INIT, and HOSTALIASES.
  • Disable operator-supplied environment overrides entirely on exec policies that do not require them.
  • Run OpenClaw worker processes under accounts that cannot resolve hostnames via HOSTALIASES lookups by setting RES_OPTIONS and similar resolver controls in a wrapper script.

```bash
#!/bin/sh
# Configuration example: enforce extended denylist via wrapper before patching.
# Drop the interpreter startup and resolver variables the unpatched policy
# lets through, then replace this shell with the real binary.
unset VIMINIT EXINIT LUA_INIT HOSTALIASES
# Sweep for versioned forms such as LUA_INIT_5_4 that share the same prefix
# (assumed useful; the advisory lists only the four base names).
for var in $(env | awk -F= '/^(VIMINIT|EXINIT|LUA_INIT|HOSTALIASES)/ {print $1}'); do
  unset "$var"
done
exec /usr/local/bin/openclaw "$@"
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Vulnerability Details

  • Type: RCE
  • Vendor/Tech: OpenClaw
  • Severity: HIGH
  • CVSS Score: 8.7
  • Known Exploited: No
  • CVSS Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Impact Assessment

  • Confidentiality: Low
  • Integrity: None
  • Availability: High

CWE References

  • CWE-184

Technical References

  • GitHub Commit Note
  • GitHub Security Advisory
  • VulnCheck Advisory

Related CVEs

  • CVE-2026-44115: OpenClaw RCE Vulnerability Explained
  • CVE-2026-44114: OpenClaw RCE Vulnerability
  • CVE-2026-42434: OpenClaw Sandbox Escape RCE Vulnerability
  • CVE-2026-42435: OpenClaw RCE Vulnerability Explained