Security Research · 2026-05-25 · 6 min read

OpenClaw CVE List 2026: Critical Vulnerabilities You Need to Block

Two new CVEs dropped in March 2026 that let malicious skills steal environment variables. Here's what's actually exploitable and what you need to do today.

OpenClaw CVE List 2026: What's Actually Broken

Three CVEs hit OpenClaw in 2026. Two are real problems. One is hype. If you're running agents in production, you need to know which is which—and the OpenClaw CVE list for 2026 is your actual map of what to fix first.

We tracked every publicly disclosed vulnerability in OpenClaw and OpenClaw-adjacent tools this year. The picture isn't as grim as Twitter makes it sound, but there are gaps that malicious skills actively exploit.

The Numbers: What's Vulnerable Right Now

As of May 2026, the OpenClaw CVE list shows 3 disclosed vulnerabilities across runtime versions. Here's the breakdown:

  • CVE-2026-1847: Environment variable disclosure in plugin sandboxing (CVSS 7.5 High) — affects OpenClaw <1.4.2
  • CVE-2026-2301: Credential cache poisoning via malicious skills (CVSS 8.1 High) — affects OpenClaw 1.3.0–1.4.3
  • CVE-2026-0892: Path traversal in skill install validation (CVSS 5.2 Medium) — requires local filesystem access, low real-world impact

Most people running updated versions are fine on CVE-2026-0892. The other two? That's where skills go rogue.

Why the OpenClaw CVE List Matters

OpenClaw's plugin model is powerful. It's also a target. Skills can request filesystem access, network permissions, and credential scope. If a skill is malicious and the runtime has a CVE-2026-1847 bug, that skill pulls every env var it can reach.

We've seen three instances of live exploitation in the wild. None made the news. All were caught by teams running tight permission boundaries and monitoring.

⚠️ Real Incident: In February 2026, a skill on ClawHub posing as a productivity tool reached ~60K downloads. It exploited CVE-2026-1847 to extract AWS credentials from environment variables. GitOpenClaw's scanner caught it in a pre-install scan. The skill was pulled 48 hours later.

The Technical Reality

CVE-2026-1847: The Environment Variable Leak

This one is real and exploitable. OpenClaw's plugin sandbox is supposed to isolate environment variables by scope. A flaw in the filtering logic in versions <1.4.2 leaks the full process.env object to skills that request any environment variable access.

An attacker skill can request OPENAI_API_KEY and accidentally (on purpose) get AWS_ACCESS_KEY, GITHUB_TOKEN, DATABASE_URL—everything.
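To make the flaw class concrete, here is an added illustration (not OpenClaw's code; a hypothetical reconstruction of the scope-filter bug described above) beside a hardened filter that hands a skill only the keys it both requested and was granted. The function names, the manifest scope shape and the sample environment are assumptions constructed for the demo.

```javascript
// Constructed sample process environment for the demo (not real secrets).
const SAMPLE_ENV = {
  OPENAI_API_KEY: 'sk-constructed',
  AWS_ACCESS_KEY: 'AKIA-constructed',
  GITHUB_TOKEN: 'ghp-constructed',
  DATABASE_URL: 'postgres://constructed',
  PATH: '/usr/bin',
};

// Flawed filter (hypothetical, modelled on the bug class described for
// CVE-2026-1847): once a skill asks for *any* variable, the whole
// environment object is returned instead of the requested subset.
function filterEnvLeaky(env, requested) {
  if (requested.length === 0) return {};
  return env; // bug: every key leaks, not just `requested`
}

// Hardened filter: a key reaches the skill only if it was explicitly
// requested AND is in the scope granted to that skill; nothing else is
// copied, and over-requests are reported so they can be logged/flagged.
function filterEnvScoped(env, requested, grantedScope) {
  const out = {};
  const denied = [];
  for (const key of requested) {
    if (!grantedScope.has(key)) { denied.push(key); continue; }
    if (!Object.prototype.hasOwnProperty.call(env, key)) continue;
    out[key] = env[key];
  }
  return { env: out, denied };
}

// A skill granted only OPENAI_API_KEY that also asks for AWS_ACCESS_KEY.
const requested = ['OPENAI_API_KEY', 'AWS_ACCESS_KEY'];
const granted = new Set(['OPENAI_API_KEY']);

console.log(Object.keys(filterEnvLeaky(SAMPLE_ENV, requested)));        // all five keys
console.log(filterEnvScoped(SAMPLE_ENV, requested, granted));
// { env: { OPENAI_API_KEY: 'sk-constructed' }, denied: [ 'AWS_ACCESS_KEY' ] }
```

The `denied` list is the signal a runtime should surface: a skill that asks for credential-adjacent keys outside its declared scope is exactly what the monitoring advice later in this post tells you to look for.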

CVE-2026-2301: Credential Cache Poisoning

This one's sneakier. OpenClaw caches credentials in memory for reuse across skill invocations. A malicious skill in versions 1.3.0–1.4.3 can pollute that cache with fake credentials, then wait for another skill to use them. Worst case: you authenticate to the wrong API endpoint a malicious actor controls.

CVE-2026-0892: The Minor One

Path traversal during skill installation validation. Requires you to already have filesystem write access to the skill directory, which almost nobody does. Skip this one unless you're installing skills from a shared filesystem.

What to Do Right Now

  • Check your OpenClaw version: openclaw --version. If you're below 1.4.2, upgrade today.
  • Review installed skills. Go to your .openclaw/workspace and list active skills. If any were installed before February 2026, audit them or reinstall from verified sources.
  • Rotate credentials. If you run OpenClaw agents in production and store API keys in environment variables, rotate them now—assume exposure.
  • Run a skill scanner before installing anything new. GitOpenClaw's free scanner checks for known exploits of the OpenClaw CVE list. Paste any skill URL or install command.
  • If you're on the Watch plan, check your runtime logs. Look for skills requesting environment variable access or credential-adjacent permissions.

How GitOpenClaw Tracks This

The OpenClaw CVE list isn't just version numbers. We maintain a database of known-exploitable skills—the ones we've caught using CVE-2026-1847 or CVE-2026-2301 in the wild.

Every time you scan a skill with GitOpenClaw, we check it against that list. If a skill makes suspicious permission requests that align with a known CVE, we flag it in plain English: "This skill requests environment access. CVE-2026-1847 makes this exploitable on OpenClaw <1.4.2."
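The version-gated flagging described here, and the skill review in the checklist above, can be reproduced locally. This is an added example, not GitOpenClaw's or OpenClaw's code: it takes the affected ranges from the CVE list on this page and flags skill manifests whose permissions line up with an applicable CVE. The manifest field names (`name`, `permissions`) and the permission labels are assumptions, and the manifests are constructed for the demo.

```javascript
// Compare dotted version strings numerically (so 1.10.0 > 1.9.0).
function compareVersions(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

function inRange(v, lo, hi) { // inclusive on both ends
  return compareVersions(v, lo) >= 0 && compareVersions(v, hi) <= 0;
}

// Affected ranges as stated in the CVE list above.
function applicableCves(runtimeVersion) {
  const cves = [];
  if (compareVersions(runtimeVersion, '1.4.2') < 0) cves.push('CVE-2026-1847');
  if (inRange(runtimeVersion, '1.3.0', '1.4.3')) cves.push('CVE-2026-2301');
  return cves;
}

// Flag a skill when a permission it requests is reachable through a CVE
// that applies to the running version. Permission labels are assumptions.
function auditSkill(manifest, runtimeVersion) {
  const cves = applicableCves(runtimeVersion);
  const perms = new Set(manifest.permissions || []);
  const findings = [];
  if (perms.has('env') && cves.includes('CVE-2026-1847'))
    findings.push(`${manifest.name}: requests environment access; CVE-2026-1847 makes this exploitable on OpenClaw <1.4.2`);
  if (perms.has('credentials') && cves.includes('CVE-2026-2301'))
    findings.push(`${manifest.name}: requests credential scope; CVE-2026-2301 allows cache poisoning on OpenClaw 1.3.0-1.4.3`);
  return findings;
}

function auditAll(skills, runtimeVersion) {
  return skills.flatMap(m => auditSkill(m, runtimeVersion));
}

// Constructed manifests standing in for the contents of .openclaw/workspace.
const SKILLS = [
  { name: 'note-taker',   permissions: ['filesystem'] },
  { name: 'cloud-helper', permissions: ['env', 'network'] },
  { name: 'api-bridge',   permissions: ['credentials'] },
];

console.log(auditAll(SKILLS, '1.4.1')); // two findings (both CVEs apply)
console.log(auditAll(SKILLS, '1.4.4')); // [] (outside both ranges)
```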

That's the difference between knowing the OpenClaw CVE list exists and actually understanding what it means for your setup.

FAQ: OpenClaw CVE List 2026

What's the most dangerous CVE on the OpenClaw CVE list?

CVE-2026-1847. Full environment variable disclosure with no user action required. If you have secrets in your environment and you're below OpenClaw 1.4.2, a malicious skill can steal them. The good news: it's fixed in 1.4.2+.

Do I need to worry about CVE-2026-0892?

Only if you install skills from a shared filesystem you don't control. Most people don't. It's a valid CVE but low practical risk for typical setups.

How often is the OpenClaw CVE list updated?

We track it in real time. New CVEs are added as they're disclosed to NVD and OpenClaw maintainers. You can check the live list anytime—it's part of your GitOpenClaw account if you have Watch enabled.

Keep Your OpenClaw Safe

The OpenClaw CVE list for 2026 is manageable. Two high-severity bugs, both fixable with an upgrade. One low-risk quirk. That's it. But the real threat is skills you don't know about—the ones with 0 reputation that slip under the radar.

That's where scanning comes in.

Free scanner. No account required. Instant results.
