Description
OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment settings during OpenClaw startup.
Published: 2026-04-20
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized configuration change
Action: Immediate Patch
AI Analysis

Impact

OpenClaw before 2026.3.28 loads the current working directory .env file before establishing a trusted configuration state, allowing an attacker to inject environment variables. By placing a crafted .env file in a repository or workspace, the attacker can override runtime configuration and security‑sensitive settings during startup, potentially compromising the application’s integrity and confidentiality.

Affected Systems

Version OpenClaw < 2026.3.28 is affected. Any deployment that loads a .env file from the working directory without prior validation of a trusted configuration is vulnerable.

Risk and Exploitability

The CVSS score of 8.5 indicates high severity. EPSS score is not available, so the exploitation probability cannot be quantified. The vulnerability is not listed in CISA KEV. Based on the description, the likely attack vector is a local or repository‑based injection where an attacker can write a malicious .env file prior to OpenClaw startup. Once the injected variables are applied, the attacker could alter critical configuration such as database credentials, SSL settings, or execution flags, which could lead to unauthorized data access or arbitrary code execution.

Generated by OpenCVE AI on April 21, 2026 at 15:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw 2026.3.28 or later, which corrects the loading order of .env files.
  • Ensure that any .env files in the working directory are removed or sanitized before OpenClaw is started, especially in untrusted repositories or workspaces.
  • Implement a whitelist of permissible environment variables or restrict configuration changes to trusted sources, reducing the impact of any residual injection.

Generated by OpenCVE AI on April 21, 2026 at 15:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-8rh7-6779-cjqq OpenClaw has a CWD `.env` environment variable injection which bypasses host-env policy and allows config takeover
History

Tue, 21 Apr 2026 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment settings during OpenClaw startup.
Title OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-15
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.6, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-21T13:04:36.188Z

Reserved: 2026-04-20T14:01:13.151Z

Link: CVE-2026-41294

cve-icon Vulnrichment

Updated: 2026-04-21T13:04:30.499Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T00:16:29.637

Modified: 2026-04-27T15:07:46.833

Link: CVE-2026-41294

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T15:45:07Z

Weaknesses