CVE-2026-22217 | OpenClaw up to 2026.2.22 Environment Variable /opt/homebrew/bin SHELL inclusion of functionality from untrusted control sphere (GHSA-p4wh-cr8m-gm6c)

Inserito da Angelo Barbosa | Mar 18, 2026 | CVE

A vulnerability was found in OpenClaw up to 2026.2.22. It has been declared as problematic. This issue affects some unknown processing of the file /opt/homebrew/bin of the component Environment Variable Handler. Such manipulation of the argument SHELL leads to inclusion of functionality from untrusted control sphere.

This vulnerability is documented as CVE-2026-22217. The attack needs to be performed locally. There is not any exploit available.

It is recommended to upgrade the affected component.

CVE-2026-22217 | OpenClaw up to 2026.2.22 Environment Variable /opt/homebrew/bin SHELL inclusion of functionality from untrusted control sphere (GHSA-p4wh-cr8m-gm6c)

Post correlati

CVE-2024-44439 | Shanghai Zhouma Network Technology IMS Intelligent Manufacturing Collaborative Internet of Things System Privilege Escalation

CVE-2024-33217 | Tenda FH1206 1.2.0.8(8155)_EN ip/goform/addressNat page stack-based overflow

CVE-2025-15005 | CouchCMS up to 2.4 reCAPTCHA couch/config.example.php K_RECAPTCHA_SITE_KEY/K_RECAPTCHA_SECRET_KEY hard-coded key

CVE-2024-29031 | Meshery up to 0.7.16 GetMeshSyncResources order sql injection (GHSL-2023-249)