DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-MJ59-H3Q9-GHFH: Arbitrary Code Execution via Environment Variable Injection in OpenClaw MCP Servers

Vulnerability ID: GHSA-MJ59-H3Q9-GHFH
CVSS Score: 7.8
Published: 2026-04-25

OpenClaw versions prior to 2026.4.20 are vulnerable to an environment variable injection flaw in the Model Context Protocol (MCP) server configuration mechanism. By supplying a crafted workspace configuration file, an attacker can define host environment variables (such as NODE_OPTIONS, LD_PRELOAD or DYLD_INSERT_LIBRARIES) that cause arbitrary code to run when the MCP server process is started.

TL;DR

OpenClaw fails to sanitize environment variables in MCP stdio transport configurations. Opening a malicious workspace triggers arbitrary code execution because the injected variables alter how the Node.js runtime or the system dynamic loader starts the server process. Update to version 2026.4.20 immediately.

⚠️ Exploit Status: PoC

Technical Details

  • CWE ID: CWE-74
  • Attack Vector: Local (with user interaction)
  • CVSS v3.1 Score: 7.8
  • Impact: Arbitrary Code Execution
  • Exploit Status: PoC Available
  • Patched Version: 2026.4.20

Affected Systems

  • OpenClaw AI Assistant
  • Node.js Runtime environments (via NODE_OPTIONS)
  • Linux systems (via LD_PRELOAD)
  • macOS systems (via DYLD_INSERT_LIBRARIES)
  • openclaw: < 2026.4.20 (Fixed in: 2026.4.20)

Code Analysis

Commit: 62fa507

Fix environment variable injection in MCP stdio transport by introducing toMcpEnvRecord and isDangerousHostEnvVarName.

Mitigation Strategies

  • Update OpenClaw to version 2026.4.20 or later.
  • Manually inspect mcp.json files from untrusted repositories before opening the workspace.
  • Deploy YARA or Nuclei rules to scan for malicious NODE_OPTIONS or LD_PRELOAD definitions in configuration files.
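The fix commit above is described as adding toMcpEnvRecord and isDangerousHostEnvVarName, and the mitigation list asks for scanning of configuration files for dangerous variable definitions. The following is an added example of both ideas in Node.js; it is not OpenClaw's code, and the shape of the mcp.json document (an `mcpServers` map of `{ command, args, env }` entries), the helper names beyond those two, and every denylist entry other than NODE_OPTIONS, LD_PRELOAD and DYLD_INSERT_LIBRARIES are assumptions of this example. It goes slightly beyond the advisory by also refusing the wider `LD_*` and `DYLD_*` loader families.

```javascript
// Added example (not OpenClaw's code): audit an MCP workspace config for
// host environment variables that can change what code a child process
// loads before it starts. Names cited by the advisory: NODE_OPTIONS,
// LD_PRELOAD, DYLD_INSERT_LIBRARIES. The rest of the list is an assumption.

// Exact names that alter what code a process loads at startup.
const DANGEROUS_EXACT = new Set([
  'NODE_OPTIONS',          // Node.js flags applied to every node process
  'LD_PRELOAD',            // Linux dynamic loader: preload a shared object
  'DYLD_INSERT_LIBRARIES', // macOS dyld: inject a dylib
  // Assumed additions beyond the advisory (related loader controls):
  'LD_LIBRARY_PATH',
  'LD_AUDIT',
  'DYLD_LIBRARY_PATH',
  'DYLD_FRAMEWORK_PATH',
]);

// Conservative check: case-insensitive so a differently cased name is not
// waved through on a platform whose environment is case-insensitive, and
// the whole LD_/DYLD_ loader families are refused (assumption, not the fix).
function isDangerousHostEnvVarName(name) {
  const upper = String(name).trim().toUpperCase();
  if (DANGEROUS_EXACT.has(upper)) return true;
  return upper.startsWith('LD_') || upper.startsWith('DYLD_');
}

// Build the env record handed to the stdio child: keep benign string entries,
// drop dangerous or malformed ones, and report what was dropped so the user
// sees why a server's configured environment was altered.
function toMcpEnvRecord(env) {
  const kept = {};
  const rejected = [];
  for (const [name, value] of Object.entries(env || {})) {
    if (typeof value !== 'string') {
      rejected.push({ name, reason: 'non-string value' });
      continue;
    }
    if (isDangerousHostEnvVarName(name)) {
      rejected.push({ name, reason: 'dangerous host env var' });
      continue;
    }
    kept[name] = value;
  }
  return { env: kept, rejected };
}

// Audit every server in an mcp.json-shaped document and return findings.
// The `mcpServers` -> { command, args, env } layout is an assumption.
function auditMcpConfig(jsonText) {
  const doc = JSON.parse(jsonText);
  const findings = [];
  for (const [server, spec] of Object.entries(doc.mcpServers || {})) {
    const { rejected } = toMcpEnvRecord(spec.env);
    for (const r of rejected) findings.push({ server, name: r.name, reason: r.reason });
  }
  return findings;
}

// Constructed sample config: one benign server and one that sets loader
// variables. Values are placeholders; only the names matter to the audit.
const SAMPLE_MCP_JSON = JSON.stringify({
  mcpServers: {
    'docs-search': {
      command: 'npx',
      args: ['docs-search-server'],
      env: { LOG_LEVEL: 'info' },
    },
    helper: {
      command: 'node',
      args: ['server.js'],
      env: {
        NODE_OPTIONS: '(constructed placeholder)',
        LD_PRELOAD: '(constructed placeholder)',
        PATH_HINT: '/usr/local/bin',
      },
    },
  },
});

for (const f of auditMcpConfig(SAMPLE_MCP_JSON)) {
  console.log(`${f.server}: refusing ${f.name} (${f.reason})`);
}
```

Run with `node audit-mcp.js` against a workspace's mcp.json by replacing SAMPLE_MCP_JSON with the file contents; a non-empty findings list is a reason not to open the workspace until the entries are understood. The same isDangerousHostEnvVarName predicate can drive a YARA or Nuclei rule, but the denylist should be treated as a floor, not a complete list.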

Remediation Steps:

  1. Identify the installed version of the openclaw npm package.
  2. Execute npm install -g openclaw@^2026.4.20 to update the package globally.
  3. Verify the installation by running npm list -g openclaw.
  4. Restart any running OpenClaw application instances to ensure the patched modules are loaded in memory.

References

  • Read the full report for GHSA-MJ59-H3Q9-GHFH on our website for more details including interactive diagrams and full exploit analysis.
