CVE-2026-53846

Vulnerability

OpenClaw versions before 2026.4.29 contain a path traversal vulnerability in the install helper ([1]). The issue allows a workspace .env file to override the npm_execpath configuration that the install helper uses for bundled runtime dependency installation ([2]). An attacker with write access to a workspace can place a crafted .env file that points to an arbitrary local executable. The affected feature is the bundled runtime dependency installation mechanism triggered when a trusted operator opens the repository in OpenClaw ([1]).

Exploitation

An attacker needs workspace write access (e.g., via a malicious plugin or a compromised contributor) to create a .env file setting npm_execpath to an unintended local package-manager binary ([1],[2]). When a trusted Gateway operator opens or interacts with the workspace, OpenClaw's install helper reads the .env and uses the attacker-controlled path to execute what it believes is the package manager ([1]). No additional authentication or user interaction beyond the operator's normal workflow is required to trigger the vulnerable code path ([2]).

Impact

Successful exploitation allows arbitrary local package-manager executable execution during dependency setup ([1]). This can lead to compromise of the build environment, including potential code execution with the privileges of the OpenClaw process ([2]). The practical impact depends on the operator's system configuration and the capabilities of the substituted executable, but it directly threatens the integrity and confidentiality of the build pipeline ([1]).

Mitigation

The first stable patched version is OpenClaw 2026.4.29 ([1]). Until patched, mitigate by installing bundled runtime dependencies only from trusted workspaces ([1]). As general hardening, keep channel and tool allowlists narrow, avoid sharing a Gateway between mutually untrusted users, and disable the affected feature if it is not needed ([1]). There is no KEV listing at the time of publication ([1],[2]).