data/vuln_en/openclaw/CVE-2026-4039.yaml
info:
  name: OpenClaw
  cve: CVE-2026-4039
  summary: OpenClaw applySkillConfigenvOverrides Skill Env Handler Code Injection
  details: >-
    OpenClaw version 2026.2.19-2 contains a code injection vulnerability in the
    applySkillConfigenvOverrides function of the Skill Env Handler component.
    Manipulating the environment variable overrides that this function applies
    can lead to code injection, allowing a remote attacker with low privileges
    (PR:L in the CVSS vector) to execute arbitrary code. The vulnerability is
    remotely exploitable and was fixed in version 2026.2.21-beta.1; the patch
    is commit 8c9f35cdb51692b650ddf05b259ccdd75cc9a83c.
  cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  severity: MEDIUM
  security_advise: Upgrade OpenClaw to version 2026.2.21 or later (the fix first shipped in 2026.2.21-beta.1).
  references:
    - https://nvd.nist.gov/vuln/detail/CVE-2026-4039
rule: version <= "2026.2.19-2"  # last affected release; fixed in 2026.2.21-beta.1
references:
  - https://nvd.nist.gov/vuln/detail/CVE-2026-4039