Posted by CVE Reports, originally published at cvereports.com

GHSA-j9pv-rrcj-6pfx: Insecure Environment Inheritance and Information Disclosure in OpenClaw

Vulnerability ID: GHSA-J9PV-RRCJ-6PFX
CVSS Score: 8.6
Published: 2026-04-02

OpenClaw versions prior to v2026.3.31 are vulnerable to information disclosure due to insecure environment inheritance in the SSH-based sandbox backends. The application passes the entire parent process environment, including sensitive AI provider API keys, to child processes.

TL;DR

OpenClaw passes unsanitized environment variables to child processes in its SSH sandbox, exposing AI API keys to local and potentially remote attackers. Upgrading to v2026.3.31 patches this via a strict environment filtering utility.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-214, CWE-200
  • Attack Vector: Local / Remote (Conditional)
  • CVSS Score: 8.6
  • Exploit Status: Proof of Concept
  • Impact: High (Information Disclosure)
  • Patch Status: Available (v2026.3.31)

Affected Systems

  • OpenClaw ssh-backend component
  • OpenClaw openshell extension
  • OpenClaw: < 2026.3.31 (Fixed in: 2026.3.31)

Code Analysis

Commit: cfe1445

Fix: Implement sanitizeEnvVars utility to prevent sensitive environment variable inheritance in subprocesses.

Added sanitize-env-vars.ts and modified ssh-backend.ts to apply filtering.
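To show the shape of the strict filter the fix describes, here is an added example (not OpenClaw's own sanitize-env-vars.ts; the allowlist contents, the secret-name pattern and the helper names are assumptions): a default-deny allowlist for the environment handed to a sandbox child, where credential-looking names are dropped even if a caller tries to allow them explicitly.

```typescript
// Added example of a strict environment filter for sandbox child processes.
// Not OpenClaw's sanitize-env-vars.ts; allowlist contents and names are assumptions.

type Env = Record<string, string | undefined>;

// Variables a sandboxed child process usually needs in order to run at all.
const ALLOWED_ENV_VARS: ReadonlyArray<string> = [
  "PATH", "HOME", "USER", "LOGNAME", "SHELL", "TERM", "LANG", "LC_ALL", "TZ", "TMPDIR",
];

// Credential-looking names are refused even when present on the allowlist, so a
// careless allowlist extension cannot reintroduce the original API-key leak.
const SECRET_NAME_PATTERN = /API_?KEY|SECRET|TOKEN|PASSWORD|PASSWD|CREDENTIAL|PRIVATE_KEY/i;

function isAllowedEnvVar(name: string, allowed: ReadonlyArray<string>): boolean {
  return allowed.indexOf(name) !== -1 && !SECRET_NAME_PATTERN.test(name);
}

// Default-deny filter: returns a fresh object holding only allowlisted, non-credential
// variables. Pass the result as the child's `env` instead of the whole process.env.
function sanitizeEnvVars(env: Env, extraAllowed: ReadonlyArray<string> = []): Record<string, string> {
  const allowed = ALLOWED_ENV_VARS.concat(extraAllowed);
  const out: Record<string, string> = {};
  for (const name of Object.keys(env)) {
    const value = env[name];
    if (value !== undefined && isAllowedEnvVar(name, allowed)) out[name] = value;
  }
  return out;
}

// Names the filter withheld from the child, suitable for an audit log entry.
function droppedEnvVars(env: Env, extraAllowed: ReadonlyArray<string> = []): string[] {
  const kept = sanitizeEnvVars(env, extraAllowed);
  return Object.keys(env).filter((name) => !(name in kept)).sort();
}

// Constructed sample of a parent environment like the one the vulnerable backend inherited.
const SAMPLE_PARENT_ENV: Env = {
  PATH: "/usr/bin:/bin",
  HOME: "/home/openclaw",
  TERM: "xterm-256color",
  SANDBOX_WORKDIR: "/srv/sandbox",
  OPENAI_API_KEY: "sk-constructed-placeholder",
  ANTHROPIC_API_KEY: "constructed-placeholder",
};

console.log("child env:", sanitizeEnvVars(SAMPLE_PARENT_ENV, ["SANDBOX_WORKDIR"]));
console.log("dropped:", droppedEnvVars(SAMPLE_PARENT_ENV, ["SANDBOX_WORKDIR"]));
```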

Mitigation Strategies

  • Upgrade to patched software version v2026.3.31
  • Harden local SSH client configurations to prevent SendEnv variable forwarding
  • Implement principle of least privilege for the OpenClaw service account

Remediation Steps:

  1. Audit all systems running OpenClaw to identify the current software version.
  2. Update the application to version v2026.3.31 using the standard package manager or deployment pipeline.
  3. Inspect /etc/ssh/ssh_config and ~/.ssh/config for SendEnv directives.
  4. Remove or restrict SendEnv patterns (especially wildcards) so that API key variables are not forwarded to remote hosts.
  5. Rotate any API keys (OpenAI, Anthropic) that were previously utilized by the vulnerable application.

Read the full report for GHSA-J9PV-RRCJ-6PFX on our website for more details including interactive diagrams and full exploit analysis.
