CVE-2026-53846: Openclaw Path Traversal Vulnerability

CVE-2026-53846 is a path traversal vulnerability in Openclaw that allows attackers to execute unintended package manager executables during dependency setup. This article covers the technical details, affected versions, and mitigation.

CVE-2026-53846 Overview

CVE-2026-53846 affects OpenClaw versions prior to 2026.4.29. The vulnerability resides in the install helper, which improperly trusts workspace .env files when resolving the npm_execpath configuration. Attackers with workspace access can override this value to point at attacker-controlled local executables. During bundled runtime dependency installation, the unintended package manager executes within the build environment. The flaw is classified under CWE-426: Untrusted Search Path and enables compromise of confidentiality and integrity on the affected host.

Critical Impact

Workspace-level attackers can hijack dependency installation to run arbitrary package-manager binaries, leading to build-environment compromise and supply-chain risk.

Affected Products

  • OpenClaw versions before 2026.4.29 (Node.js distribution)
  • OpenClaw 2026.4.29-beta1 through 2026.4.29-beta4
  • Build environments using OpenClaw's install helper for runtime dependency setup

Discovery Timeline

  • 2026-06-16 - CVE-2026-53846 published to the National Vulnerability Database (NVD)
  • 2026-06-18 - Last updated in NVD database

Technical Details for CVE-2026-53846

Vulnerability Analysis

The vulnerability stems from the OpenClaw install helper reading workspace .env files without restricting which environment variables they may override. The npm_execpath variable controls the path to the package manager executable invoked during bundled runtime dependency installation. By placing a crafted .env in the workspace, an attacker substitutes this path with an arbitrary local binary. When OpenClaw triggers dependency setup, the substituted executable runs under the privileges of the build process. This produces local code execution within the build environment and enables tampering with installed dependencies. The Common Weakness Enumeration (CWE) classification [CWE-426] reflects the untrusted search-path semantics of the flaw.

Root Cause

The install helper treats workspace .env entries as authoritative configuration sources. It does not enforce an allowlist for sensitive variables such as npm_execpath. As a result, environment-driven path resolution becomes a control-flow primitive for any actor who can write to the workspace.

Attack Vector

Exploitation requires local workspace access and user interaction to initiate the install workflow. An attacker drops a malicious .env file containing an overridden npm_execpath value. When a developer or CI process runs OpenClaw's install helper, the helper loads the .env, exports npm_execpath, and invokes the attacker-supplied binary. The substituted package manager can then modify dependencies, exfiltrate secrets from the build environment, or implant persistence mechanisms in produced artifacts.

No verified public proof-of-concept code is available. Refer to the VulnCheck Advisory for technical details.

Detection Methods for CVE-2026-53846

Indicators of Compromise

  • Unexpected .env files in OpenClaw workspaces containing an npm_execpath assignment
  • Execution of package-manager binaries from non-standard paths during OpenClaw install workflows
  • Build logs showing dependency installation invoked through unexpected executables
  • New or modified files in workspace directories preceding install-helper execution

Detection Strategies

  • Audit workspace .env files for npm_execpath, NODE_OPTIONS, and other process-control variables before running OpenClaw.
  • Compare resolved npm_execpath at runtime against the expected package manager path installed on the host.
  • Inspect process telemetry for OpenClaw parent processes spawning unsigned or user-writable binaries.

Monitoring Recommendations

  • Log all child processes spawned by the OpenClaw install helper and alert on executables outside trusted directories.
  • Track creation and modification of .env files in shared workspaces and CI runners.
  • Forward build-pipeline telemetry to a centralized data lake for retroactive hunting on npm_execpath overrides.

How to Mitigate CVE-2026-53846

Immediate Actions Required

  • Upgrade OpenClaw to version 2026.4.29 or later, which removes the unsafe .env override behavior.
  • Review all workspaces and CI runners for unauthorized .env files prior to executing the install helper.
  • Restrict write access to OpenClaw workspaces to trusted users and automated identities.
  • Rotate any secrets that may have been exposed in build environments running affected versions.

Patch Information

The maintainers fixed the issue in OpenClaw 2026.4.29. See the GitHub Security Advisory GHSA-24vr-rprv-67rf for patch details and upgrade guidance.

Workarounds

  • Run OpenClaw install workflows in ephemeral, isolated containers without persistent workspace data.
  • Explicitly unset npm_execpath in the environment before invoking the install helper.
  • Enforce read-only mounts for workspace directories during dependency installation.
  • Apply filesystem allowlists that block .env files from untrusted contributors.
```bash
# Configuration example: sanitize environment before invoking OpenClaw install helper
# Drop any npm_execpath already present in the caller's environment.
unset npm_execpath
# Remove workspace .env files (up to two levels deep) before the helper can read them.
find ./workspace -maxdepth 2 -name '.env' -print -exec rm -f {} \;
# Start the helper from an empty environment that carries only a trusted PATH.
env -i PATH="/usr/local/bin:/usr/bin:/bin" openclaw install
```

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.