#VU125264 Improper Handling of Case Sensitivity in OpenClaw - CVE-2026-34426

 


Published: April 8, 2026


Vulnerability identifier: #VU125264
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2026-34426
CWE-ID: CWE-178
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
OpenClaw
Software vendor:
OpenClaw

Description

The vulnerability allows a remote user to bypass approval binding for environment overrides.

The vulnerability exists due to improper handling of case sensitivity in system-run approval binding for environment override keys when processing host-exec flows. A remote user can supply Windows-compatible environment override keys to bypass approval binding for environment overrides.

An approved command may execute with environment overrides that are not represented in the approval binding.
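For defenders reviewing similar approval logic, the following added example (not OpenClaw's code and not taken from the vendor's fix) shows a binding that treats override keys case-insensitively and refuses key sets that become ambiguous once case is folded. The function names, the JSON binding format and the sample values are assumptions made for illustration.

```javascript
// Added illustration of a case-insensitive approval binding; not OpenClaw code.
// Assumption: the host is Windows, where environment variable names are
// case-insensitive, so "Path" and "PATH" name the same variable.

// Fold keys to one case and refuse sets that are ambiguous after folding.
// toUpperCase() approximates Windows' ordinal case-insensitive comparison.
function canonicalEnv(overrides) {
  const folded = new Map();
  for (const [key, value] of Object.entries(overrides)) {
    const name = key.toUpperCase();
    if (folded.has(name)) {
      throw new Error(`ambiguous override key after case folding: ${key}`);
    }
    folded.set(name, String(value));
  }
  return [...folded.entries()].sort(([a], [b]) => (a < b ? -1 : a > b ? 1 : 0));
}

// The binding covers the command and every override in canonical form.
// A production binding would hash or MAC this string; JSON keeps it readable.
function bindingFor(command, overrides) {
  return JSON.stringify({ command, env: canonicalEnv(overrides) });
}

// Execution-time gate: run only if what is about to execute is what was approved.
function isCovered(approvedBinding, command, overrides) {
  try {
    return bindingFor(command, overrides) === approvedBinding;
  } catch {
    return false; // ambiguous key sets are never covered
  }
}

// Constructed sample data.
const cmd = "node build.js";
const approved = bindingFor(cmd, { PATH: "C:\\Tools" });
// Same variable and value, different key case: covered.
console.log(isCovered(approved, cmd, { Path: "C:\\Tools" }));
// Two spellings of one variable: ambiguous, not covered.
console.log(isCovered(approved, cmd, { PATH: "C:\\Tools", Path: "C:\\Other" }));
// Override that was never approved: not covered.
console.log(isCovered(approved, cmd, { PATH: "C:\\Tools", TEMP: "C:\\T" }));
```

The gate recomputes the binding from the overrides that will actually reach the child process, so any override absent from the approved binding causes a mismatch.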


Remediation

Install the security update from the vendor's website.
