CVE-2026-24763
unknown
CVSS v3: —
CVSS v2: —
VIR risk: —
Description
OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
Predictions
Exploit likelihood: 30%
Patch ETA: —
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. See the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| npm | clawdbot | <2026.1.29 | 2026.1.29 |
References
- https://github.com/clawdbot/clawdbot/security/advisories/GHSA-mc68-q9jw-2h3v
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mc68-q9jw-2h3v
- https://nvd.nist.gov/vuln/detail/CVE-2026-24763
- https://github.com/openclaw/openclaw/commit/771f23d36b95ec2204cc9a0054045f5d8439ea75
- https://github.com/openclaw/openclaw
- https://github.com/openclaw/openclaw/releases/tag/v2026.1.29