CVE-2026-29610 - OpenClaw < 2026.2.14 - Command Hijacking via Unsafe PATH Handling

CVE ID : CVE-2026-29610 Published : March 5, 2026, 10:16 p.m. | 1 hour, 28 minutes ago Description : OpenClaw versions prior to 2026.2.14 contain a command hijacking vulnerability that allows attackers to execute unintended binaries by manipulating PATH environment variables through node-host execution or project-local bootstrapping. Attackers with authenticated access to node-host execution surfaces or those running OpenClaw in attacker-controlled directories can place malicious executables in PATH to override allowlisted safe-bin commands and achieve arbitrary command execution. Severity: 7.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...