GHSA-HXVM-XJVF-93F3: Arbitrary Code Execution via Insecure Environment Variable Loading in OpenClaw
Vulnerability ID: GHSA-HXVM-XJVF-93F3
CVSS Score: 7.8
Published: 2026-04-25
OpenClaw versions prior to 2026.4.20 are vulnerable to arbitrary code execution due to insecure handling of workspace-local .env files. The application fails to restrict the entire OPENCLAW_ namespace, allowing untrusted repositories to override critical internal control variables.
TL;DR
Untrusted workspace .env files can override OpenClaw internal variables, leading to arbitrary code execution. Users must upgrade to version 2026.4.20.
⚠️ Exploit Status: POC
Technical Details
- Attack Vector: Local / User Interaction
- Impact: Arbitrary Code Execution
- CWE ID: CWE-829
- Exploit Status: Proof of Concept
- Patched Version: 2026.4.20
Affected Systems
- OpenClaw npm package (< 2026.4.20)
- openclaw: < 2026.4.20 (fixed in 2026.4.20)
Code Analysis
Commit: 018494f
Security/dotenv: block all OPENCLAW_* keys from untrusted workspace .env files
Mitigation Strategies
- Update OpenClaw to version 2026.4.20 or later.
- Manually inspect workspace-local .env files for variables beginning with the OPENCLAW_ prefix.
- Avoid opening untrusted repositories or workspaces with OpenClaw.
Remediation Steps:
- Identify the currently installed version of OpenClaw using npm list -g openclaw.
- If the version is prior to 2026.4.20, run npm install -g openclaw@latest.
- Verify the successful installation of the patched version.
- Implement static analysis rules to flag malicious .env keys in code repositories.
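As an added example (not OpenClaw's own code), the inspection and static-analysis steps above in JavaScript: a small parser reads a workspace-local .env, reports every key that falls in the OPENCLAW_ namespace, and returns only the remaining keys as safe to merge from an untrusted file. The dotenv grammar handled here is an assumption, and the sample file and its OPENCLAW_EXAMPLE_SETTING key are constructed placeholders, not real OpenClaw variables.

```javascript
// Added example (not OpenClaw's own code): scan a workspace-local .env for
// keys that land in the OPENCLAW_ namespace and drop them before the file is
// merged into the environment. The dotenv grammar handled here is assumed.
const BLOCKED_PREFIX = "OPENCLAW_";
// Parse dotenv text into [{ line, key, value }], tolerating `export KEY=`,
// quoted values and trailing comments. Lines that do not parse are skipped.
function parseDotenv(text) {
  const entries = [];
  text.split(/\r?\n/).forEach((raw, i) => {
    const line = raw.trim();
    if (!line || line.startsWith("#")) return;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) return;
    let value = m[2];
    const q = /^(["'])(.*)\1\s*(?:#.*)?$/.exec(value);
    value = q ? q[2] : value.replace(/\s+#.*$/, "").trim();
    entries.push({ line: i + 1, key: m[1], value });
  });
  return entries;
}
// Compare case-insensitively: on platforms with case-insensitive environment
// names, `openclaw_foo` reaches the same variable as `OPENCLAW_FOO`.
function isBlockedKey(key) {
  return key.toUpperCase().startsWith(BLOCKED_PREFIX);
}
// Entries an untrusted workspace .env must not be allowed to set.
function findBlockedKeys(text) {
  return parseDotenv(text).filter((e) => isBlockedKey(e.key));
}
// Policy matching the fix commit's description: every OPENCLAW_* key from the
// untrusted file is dropped; all other keys pass through unchanged.
function sanitizeEnv(text) {
  const out = {};
  for (const e of parseDotenv(text)) if (!isBlockedKey(e.key)) out[e.key] = e.value;
  return out;
}
// Constructed sample of a workspace .env mixing harmless project settings with
// keys aimed at the application's namespace (placeholder names, not real ones).
const SAMPLE_ENV = [
  "# project settings",
  "DATABASE_URL=postgres://localhost/app",
  'export OPENCLAW_EXAMPLE_SETTING="/tmp/untrusted"  # quoted, with comment',
  "openclaw_debug=1",
  "API_KEY='abc' # comment",
].join("\n");
for (const h of findBlockedKeys(SAMPLE_ENV)) console.log(`.env:${h.line}: blocked ${h.key}`);
```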
References
- GitHub Security Advisory GHSA-hxvm-xjvf-93f3
- Fix Commit 018494f
- Aliyun Vulnerability Database AVD-2026-1868829