CVE-2026-53858 Overview
CVE-2026-53858 is an environment variable injection vulnerability in OpenClaw versions prior to 2026.5.2. The flaw resides in how the application processes the STATE_DIRECTORY variable from a workspace .env file, which influences bundled runtime dependency roots. Attackers who can modify or supply this variable can redirect dependency resolution to attacker-controlled local paths. This causes OpenClaw to load runtime dependencies from unintended locations, enabling execution of malicious code during dependency resolution. The issue is tracked as [CWE-426: Untrusted Search Path].
Critical Impact
Local attackers can achieve arbitrary code execution by manipulating the STATE_DIRECTORY environment variable to force OpenClaw to load malicious runtime dependencies.
Affected Products
- OpenClaw (Node.js distribution) versions prior to 2026.5.2
- Workspaces using a .env file that defines STATE_DIRECTORY
- Deployments relying on bundled runtime dependency resolution
Discovery Timeline
- 2026-06-16 - CVE-2026-53858 published to the National Vulnerability Database (NVD)
- 2026-06-18 - Last updated in the NVD database
Technical Details for CVE-2026-53858
Vulnerability Analysis
OpenClaw reads the STATE_DIRECTORY value from a workspace .env file and uses it to compute paths for bundled runtime dependencies. The application does not validate that the resulting paths point to trusted, application-controlled locations. When OpenClaw resolves and loads runtime modules, it consults these attacker-influenceable roots. A malicious payload placed at the redirected path executes within the OpenClaw process at load time. Exploitation requires local access and user interaction, since the attacker must place a crafted .env and dependency files where OpenClaw will read them.
Root Cause
The root cause is an untrusted search path issue [CWE-426]. OpenClaw treats the STATE_DIRECTORY environment variable as a trusted input for locating bundled runtime dependencies. Because the resolution logic prefers caller-supplied paths over a fixed, validated dependency root, an attacker can override safe defaults. The application lacks integrity checks on loaded modules and does not constrain dependency lookup to vetted directories.
Attack Vector
The attack vector is local. An attacker plants a workspace containing a .env file that sets STATE_DIRECTORY to a directory under attacker control. When a victim opens or runs OpenClaw against that workspace, the application resolves runtime dependencies through the attacker path. Malicious modules placed in that path execute with the privileges of the OpenClaw user during dependency resolution. No network access or authentication is required, but the victim must interact with the malicious workspace.
No verified proof-of-concept code is available. See the VulnCheck Advisory and GitHub Security Advisory for additional technical details.
Detection Methods for CVE-2026-53858
Indicators of Compromise
- Workspace .env files containing a STATE_DIRECTORY value that points outside the OpenClaw installation directory or to user-writable paths such as /tmp, ~/Downloads, or removable media.
- Unexpected Node.js modules or native binaries located in directories referenced by STATE_DIRECTORY.
- OpenClaw process loading runtime dependencies from non-standard filesystem locations.
Detection Strategies
- Scan repositories and shared workspaces for .env files that define STATE_DIRECTORY and flag values resolving outside approved paths.
- Hunt for OpenClaw child processes spawning shells, interpreters, or network utilities shortly after startup.
- Compare loaded module paths against a known-good baseline of bundled OpenClaw dependencies.
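The containment check that the Root Cause section says is missing, and the .env scan from the first detection strategy above, come down to the same test: does the configured STATE_DIRECTORY resolve inside an approved root? The following is an added example, not OpenClaw code; the .env parsing rules, the approved root /opt/openclaw, the workspace path and the sample .env contents are all assumptions or constructed samples.

```python
import os
import re
from pathlib import Path

# Minimal .env line parser: optional "export ", KEY=VALUE, surrounding quotes
# stripped, comments and blank lines ignored (assumed syntax, not OpenClaw's).
_ENV_LINE = re.compile(r'^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$')

def parse_dotenv(text: str) -> dict:
    values = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _ENV_LINE.match(line)
        if not m:
            continue
        key, val = m.group(1), m.group(2)
        if len(val) >= 2 and val[0] == val[-1] and val[0] in "\"'":
            val = val[1:-1]
        values[key] = val
    return values

def resolve_state_dir(value: str, workspace: str) -> Path:
    # Expand "~", anchor relative values at the workspace and collapse ".."
    # so the containment check sees the directory OpenClaw would actually use.
    expanded = os.path.expanduser(value)
    return Path(os.path.normpath(os.path.join(workspace, expanded)))

def is_under(path: Path, root: Path) -> bool:
    # Component-wise containment: "/opt/openclaw-evil" is NOT under "/opt/openclaw".
    try:
        path.relative_to(root)
        return True
    except ValueError:
        return False

def check_workspace_env(env_text: str, workspace: str, approved_roots) -> dict:
    """Finding for one workspace .env: ok only if STATE_DIRECTORY is absent
    or resolves inside an approved, application-controlled root."""
    env = parse_dotenv(env_text)
    if "STATE_DIRECTORY" not in env:
        return {"ok": True, "reason": "STATE_DIRECTORY not set"}
    target = resolve_state_dir(env["STATE_DIRECTORY"], workspace)
    roots = [Path(os.path.normpath(r)) for r in approved_roots]
    if any(is_under(target, r) for r in roots):
        return {"ok": True, "reason": "inside approved root", "target": str(target)}
    return {"ok": False, "reason": "STATE_DIRECTORY resolves outside approved roots",
            "target": str(target)}

# Constructed samples (not from a real incident) and an assumed approved root.
APPROVED_ROOTS = ["/opt/openclaw"]
BENIGN_ENV = 'export STATE_DIRECTORY="/opt/openclaw/state"\n'
SUSPECT_ENV = "# planted workspace\nOPENCLAW_PROFILE=dev\nSTATE_DIRECTORY=../../tmp/.oc-state\n"

if __name__ == "__main__":
    for name, text in (("benign", BENIGN_ENV), ("suspect", SUSPECT_ENV)):
        print(name, check_workspace_env(text, "/srv/workspaces/proj", APPROVED_ROOTS))
```

Run it over every .env found under shared workspace roots and route any finding with ok=False to the alerting described under Monitoring Recommendations.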
Monitoring Recommendations
- Monitor file integrity for OpenClaw installation directories and any path referenced by STATE_DIRECTORY.
- Log process execution with full command lines and environment variable values where supported, and alert on OpenClaw invocations with custom STATE_DIRECTORY values.
- Track filesystem writes that create executable files in user-writable directories preceding OpenClaw launches.
How to Mitigate CVE-2026-53858
Immediate Actions Required
- Upgrade OpenClaw to version 2026.5.2 or later on all systems.
- Audit existing workspaces for .env files defining STATE_DIRECTORY and remove or sanitize untrusted values.
- Restrict who can supply or modify workspace .env files in shared development environments.
Patch Information
The vendor released a fix in OpenClaw 2026.5.2. Refer to the GitHub Security Advisory GHSA-wc84-j36w-pw4x for patch details and upgrade guidance.
Workarounds
- Unset or hard-code STATE_DIRECTORY to a trusted, application-controlled path before launching OpenClaw.
- Avoid opening OpenClaw workspaces received from untrusted sources or third-party repositories.
- Run OpenClaw under a least-privileged user account to limit the impact of dependency-loading abuse.
# Configuration example: enforce a trusted STATE_DIRECTORY and ignore workspace .env overrides
# Create the state directory first, owned by root and not writable by other users,
# then export the trusted value in the environment OpenClaw is launched from.
mkdir -p /opt/openclaw/state
chown root:root /opt/openclaw/state
chmod 755 /opt/openclaw/state
export STATE_DIRECTORY="/opt/openclaw/state"
# Verify the installed OpenClaw version is patched
openclaw --version  # must report 2026.5.2 or later
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

