VYPR
High severity (8.1, NVD) · Advisory · Published Jun 16, 2026 · Updated Jun 16, 2026

CVE-2026-53864

Description

OpenClaw before 2026.5.26 fails to sanitize Node.js control variables, allowing low-trust env sources to influence child processes or coverage paths.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability

OpenClaw before 2026.5.26 contains an insufficient sanitization vulnerability in the host environment sanitizer that missed two Node.js control variables. [1] This allows a lower-trust environment source—such as a workspace .env file, tool environment override, or skill environment block—to pass malicious Node.js control variables through the shared sanitizer. The issue is present when the affected feature is enabled and reachable. [1]

Exploitation

An attacker with access to any of the low-trust environment sources (workspace .env, tool env overrides, or skill env blocks) can set malicious Node.js control variables that bypass the sanitizer. [1] [2] When a later Node.js child process is launched under the accepted environment or when coverage output paths are generated, the malicious variables influence the process behavior or output paths. [2] No additional authentication or user interaction is required beyond the ability to supply these environment values. [1]

Impact

Successful exploitation allows the attacker to influence Node.js child processes or coverage output paths. [1] The practical impact depends on the operator's configuration and whether lower-trust input can reach that path. This could lead to arbitrary code execution, data exfiltration, or other unintended behavior depending on the specifics of the child process or coverage tool. [2]

Mitigation

The first stable patched version is 2026.5.26. [1] As a workaround, avoid inheriting workspace or tool-supplied environment values from untrusted repositories until patched. [1] General hardening measures include keeping channel and tool allowlists narrow, avoiding sharing one Gateway between mutually untrusted users, and disabling the affected feature when not needed. [1]
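As an added illustration of the workaround above (this is example code, not OpenClaw's own sanitizer, whose exact variable list the advisory does not reproduce), the function below merges lower-trust env sources into a trusted base and refuses Node.js control variables such as NODE_OPTIONS and NODE_V8_COVERAGE; the deny list, the sample .env contents and the key/value rules are this example's assumptions.

```javascript
// Added example (not OpenClaw's sanitizer): merge lower-trust env sources
// (workspace .env, tool env overrides, skill env blocks) into a trusted base
// while refusing variables that steer the Node.js runtime or its output paths.
// The deny list is this example's assumption, not the project's own list.

// Exact names and prefixes that can change how `node` loads/runs code or where
// it writes files (e.g. NODE_OPTIONS, NODE_V8_COVERAGE), plus loader hooks.
const DENIED_EXACT = new Set([
  'NODE_OPTIONS', 'NODE_V8_COVERAGE', 'NODE_PATH', 'NODE_EXTRA_CA_CERTS',
  'LD_PRELOAD', 'LD_LIBRARY_PATH', 'DYLD_INSERT_LIBRARIES',
]);
const DENIED_PREFIX = ['NODE_', 'LD_', 'DYLD_', 'NPM_CONFIG_'];
const SAFE_KEY = /^[A-Za-z_][A-Za-z0-9_]{0,127}$/;

// Returns { env, rejected }: `env` is what you pass as the `env` option of
// child_process.spawn; `rejected` lists refused keys with a reason for logging.
function sanitizeChildEnv(trustedBase, lowTrustOverrides) {
  const env = { ...trustedBase };
  const rejected = [];
  const trustedUpper = new Set(Object.keys(env).map((k) => k.toUpperCase()));
  for (const [rawKey, value] of Object.entries(lowTrustOverrides)) {
    const key = rawKey.trim();
    const upper = key.toUpperCase(); // compare case-insensitively (Windows env)
    let reason = null;
    if (!SAFE_KEY.test(key)) reason = 'malformed-name';
    else if (DENIED_EXACT.has(upper) || DENIED_PREFIX.some((p) => upper.startsWith(p)))
      reason = 'node-control-variable';
    else if (typeof value !== 'string' || /[\0\r\n]/.test(value)) reason = 'malformed-value';
    else if (trustedUpper.has(upper)) reason = 'shadows-trusted'; // low trust never overrides base
    if (reason) { rejected.push({ key: rawKey, reason }); continue; }
    env[key] = value;
  }
  return { env, rejected };
}

// Constructed sample of what an untrusted workspace .env might try to set.
const UNTRUSTED_ENV = {
  API_TIMEOUT_MS: '5000',               // harmless, kept
  NODE_OPTIONS: '--require ./hook.js',  // would preload code into every child
  NODE_V8_COVERAGE: '/tmp/out',         // would redirect coverage output
  PATH: '/untrusted/bin',               // would shadow the trusted PATH
  'BAD KEY': 'x',                       // not a valid variable name
};

function demo() {
  const { env, rejected } = sanitizeChildEnv({ PATH: '/usr/bin', HOME: '/home/svc' }, UNTRUSTED_ENV);
  return {
    kept: Object.keys(env).sort(),
    rejected: rejected.map((r) => `${r.key}:${r.reason}`).sort(),
  };
}
```

Logging the `rejected` entries gives a cheap detection signal: a repository whose .env repeatedly tries to set Node.js control variables is worth a look.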

AI Insight generated on Jun 16, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products (2)

  • OpenClaw / Openclaw (inferred), 2 version ranges: <2026.5.26
    • (no CPE) range: <2026.5.26
    • (no CPE) range: <2026.5.26

Patches (0)

No patches discovered yet.

Vulnerability mechanics

No source-code context for this CVE: the mechanics section is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.

References (2)

News mentions (0)

No linked articles in our index yet.