CVE-2026-53842

Vulnerability

OpenClaw versions before 2026.5.2 contain an environment variable injection vulnerability. Workspace .env files processed by the Gmail setup feature can set the CLOUDSDK_PYTHON variable, influencing which Python runtime gcloud executes during setup [1][2]. The affected code path is active when the Gmail setup feature is enabled and a trusted operator opens a repository containing a malicious .env file.

Exploitation

An attacker with the ability to modify files in a repository (e.g., through a pull request or direct commit) can place a .env file that defines CLOUDSDK_PYTHON pointing to an unintended local Python executable. When a trusted operator triggers Gmail setup (e.g., by running the command via the Gateway), gcloud uses the attacker-specified Python path, leading to execution of arbitrary code in the operator's environment [1]. No additional authentication is required beyond repository write access.

Impact

Successful exploitation allows the attacker to execute arbitrary code in the context of the trusted operator running Gmail setup. This can lead to full compromise of the operator's system, including data exfiltration, installation of malware, or further lateral movement within the operator's network [1].

Mitigation

OpenClaw 2026.5.2 contains the fix for this vulnerability [1][2]. Until patched, operators should only run Gmail setup from trusted workspaces, clear workspace environment variable overrides before setup, and disable the affected feature when not needed. Additional hardening includes keeping tool allowlists narrow and avoiding shared Gateways between mutually untrusted users [1].