{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T02:32:07.304","vulnerabilities":[{"cve":{"id":"CVE-2026-24763","sourceIdentifier":"security-advisories@github.com","published":"2026-02-02T23:16:08.593","lastModified":"2026-02-13T14:28:51.560","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"OpenClaw (formerly Clawdbot) is a personal AI assistant you run on your own devices. Prior to 2026.1.29, a command injection vulnerability existed in OpenClaw’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the container context. This vulnerability is fixed in 2026.1.29."},{"lang":"es","value":"OpenClaw (anteriormente Clawdbot) es un asistente de IA personal que ejecutas en tus propios dispositivos. Antes de 2026.1.29, existía una vulnerabilidad de inyección de comandos en el mecanismo de ejecución de sandbox de Docker de OpenClaw debido a un manejo inseguro de la variable de entorno PATH al construir comandos de shell. Un usuario autenticado capaz de controlar variables de entorno podría influir en la ejecución de comandos dentro del contexto del contenedor. Esta vulnerabilidad está corregida en 2026.1.29."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-78"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*","versionEndExcluding":"2026.1.29","matchCriteriaId":"4801AF60-B3F7-4C05-A4A1-F8443F445ACD"}]}]}],"references":[{"url":"https://github.com/openclaw/openclaw/commit/771f23d36b95ec2204cc9a0054045f5d8439ea75","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/openclaw/openclaw/releases/tag/v2026.1.29","source":"security-advisories@github.com","tags":["Product","Release Notes"]},{"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-mc68-q9jw-2h3v","source":"security-advisories@github.com","tags":["Vendor Advisory"]}]}}]}