CVE-2026-22217 | OpenClaw up to 2026.2.22 Environment Variable /opt/homebrew/bin SHELL inclusion of functionality from untrusted control sphere (GHSA-p4wh-cr8m-gm6c)

A vulnerability was found in OpenClaw up to 2026.2.22. It has been declared as problematic. This issue affects some unknown processing of the file /opt/homebrew/bin of the component Environment Variable Handler. Such manipulation of the argument SHELL leads to inclusion of functionality from untrusted control sphere.

This vulnerability is documented as CVE-2026-22217. The attack needs to be performed locally. There is not any exploit available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More