CVE-2026-53842 | Severity: HIGH | CNA: VulnCheck

CVE-2026-53842: OpenClaw < 2026.5.2 - Arbitrary Python Runtime Execution via CLOUDSDK_PYTHON Environment Variable

OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to influence Python runtime selection through CLOUDSDK_PYTHON during Gmail setup gcloud execution. Attackers with repository access can manipulate the CLOUDSDK_PYTHON variable to execute setup through unintended local Python paths, potentially enabling arbitrary code execution.

Metrics

CVSS v4.0: 7.0
Severity: HIGH
Fixed in: 2026.5.2
Affected Products: 1


HarborGuard Analysis

Synopsis

An environment variable injection vulnerability in OpenClaw before version 2026.5.2 allows an attacker who can write to a workspace .env file to redirect Python runtime selection by setting the CLOUDSDK_PYTHON variable, which is consumed during Gmail setup gcloud execution. Exploitation requires local repository access and a user to trigger the affected setup flow. Successful exploitation gives the attacker arbitrary code execution with the privileges of the user running the setup process. A patched-image rebuild at version 2026.5.2 is available on HarborGuard for environments running an affected version of OpenClaw.

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-53842 is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against images in customer registries and CI/CD pipelines, including custom-built images that bundle OpenClaw.

Triage: Available

HarborGuard is capable of scoring this CVE at CVSS 7.0 (High severity) and weighting findings against per-environment compliance policies, then routing the alert to the appropriate team inbox within each customer organization.

Patch: Available

A patched-image rebuild at OpenClaw 2026.5.2 becomes available on HarborGuard for any environment found running an affected version. For customers who opt into auto-remediation, HarborGuard triggers a rebuild, runs a regression test suite, and opens a pull request against affected workloads automatically.

Exploit Conditions

  • Network reachability: Not required

    The attacker needs an existing shell or process on the host; no network exposure is required to reach the vulnerable code path.

  • Authentication: Not required

    No authentication to the host system is required, though the attacker must have repository write access to place or modify a workspace .env file.

  • Victim interaction: Required

    A user must actively trigger the Gmail setup gcloud execution flow, making this a social-engineering or insider-access vector that depends on user action.

  • Attack complexity: Low (AC:L), with preconditions (AT:P)

    While exploiting the variable injection itself is straightforward, the CVSS AT:P token indicates the attack depends on specific preconditions, namely the attacker having .env write access and the victim running the affected setup command.

Blast Radius

  • An attacker executes arbitrary code in the context of the user running the OpenClaw Gmail setup flow, gaining whatever filesystem and process permissions that user holds.
  • All files and credentials readable by the affected user process, including local secrets, API keys, and cached authentication tokens, become accessible to the attacker-controlled Python binary.
  • The attacker can persist malicious code or exfiltrate data without modifying the OpenClaw application itself, making detection harder through standard log review.

How HarborGuard Handles This

Available on HarborGuard: detection of this CVE is matched against scanned images within minutes of publication. For environments running an affected OpenClaw version, a rebuild at the fixed version 2026.5.2 is available. Customers with auto-remediation enabled receive a rebuilt image, a regression test run, and a PR opened against affected workloads automatically; median time from CVE publication to merged patch PR for high-severity issues is around 90 minutes for those environments. Where auto-remediation is not enabled, HarborGuard surfaces the finding with CVSS scoring and routing through the configured compliance policy so the responsible team can act manually. As a compensating control while remediation is pending, restricting write access to workspace .env files and auditing who holds repository write permissions limits the attacker surface for this vulnerability.
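The compensating control above (limiting and auditing who can write workspace .env files) can be paired with a check of the files themselves. The following is an added example, not OpenClaw's or HarborGuard's code: it parses a .env file, flags interpreter-selection variables such as CLOUDSDK_PYTHON whose value is not an absolute path under an assumed trusted prefix, and shows a merge that never lets a workspace file set those variables in the environment handed to gcloud. The sample .env contents and the trusted prefixes are constructed assumptions.

```python
import os
import re

# Variables that steer which interpreter gcloud runs under. CLOUDSDK_PYTHON is the
# one named in the advisory; the other two are documented gcloud startup variables,
# included on the assumption that a hardening check should treat them alike.
INTERPRETER_VARS = ("CLOUDSDK_PYTHON", "CLOUDSDK_PYTHON_ARGS", "CLOUDSDK_PYTHON_SITEPACKAGES")

_LINE = re.compile(r"^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*?)\s*$")


def parse_dotenv(text):
    """Minimal KEY=VALUE parser: skips blanks and comments, strips one layer of quotes."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        match = _LINE.match(line)
        if not match:
            continue
        key, value = match.groups()
        if len(value) >= 2 and value[0] == value[-1] and value[0] in "'\"":
            value = value[1:-1]
        result[key] = value
    return result


def audit_dotenv(text, trusted_prefixes=("/usr/bin/", "/usr/local/bin/")):
    """Return one finding per interpreter override a workspace .env would inject.
    A CLOUDSDK_PYTHON that is an absolute path under a trusted prefix is only 'info';
    anything else (relative path, repo-local binary, extra args) is rated 'high'."""
    findings = []
    for key, value in parse_dotenv(text).items():
        if key not in INTERPRETER_VARS:
            continue
        trusted = (key == "CLOUDSDK_PYTHON" and os.path.isabs(value)
                   and value.startswith(trusted_prefixes))
        findings.append({"key": key, "value": value, "severity": "info" if trusted else "high"})
    return findings


def merge_env_for_gcloud(dotenv_vars, base_env=None):
    """Hardened merge: the workspace .env may add ordinary settings, but interpreter
    selection comes only from the process environment, never from the repository."""
    env = dict(os.environ if base_env is None else base_env)
    for key, value in dotenv_vars.items():
        if key not in INTERPRETER_VARS:
            env[key] = value
    return env


# Constructed sample of a workspace .env that redirects gcloud to a repo-local binary.
SAMPLE_ENV = """# workspace settings
GMAIL_ACCOUNT=alerts@example.com
export CLOUDSDK_PYTHON="./.cache/python3"
CLOUDSDK_CORE_PROJECT=example-project
"""
```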


Fix available: 2026.5.2

Affected packages
  • OpenClaw / OpenClaw: < 2026.5.2 (from 0), fixed in 2026.5.2

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N