Description
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.
Published: 2026-04-20
Score: 2 Low
EPSS: < 1% Very Low
KEV: No
Impact: Bypass of proxy, TLS, Docker, and Git TLS controls via environment variable override
Action: Update Software
AI Analysis

Impact

OpenClaw versions before 2026.3.31 allow an attacker to override environment variables specified in the host execution policy. The override bypasses critical security controls including proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement, potentially enabling the execution of malicious code or compromise of secure connections. This weakness is identified as CWE-453, reflecting improper restriction of operations within a confined environment.

Affected Systems

The vulnerability affects the OpenClaw product from the OpenClaw vendor. Systems running any version prior to 2026.3.31 are impacted; versions 2026.3.31 and later are not affected.

Risk and Exploitability

The CVSS score is 2, indicating low severity, and no EPSS score is provided. The vulnerability is not listed in CISA KEV. Attack vectors appear to be tied to the ability to influence environment variables during host execution; the exact conditions are not detailed in the advisory, but the likely attack path involves an attacker having privileges to set environment variables that are consumed by host‑side execution processes. As this is a low‑severity issue with no known exploitation probability data, the risk remains relatively low but the impact of bypassing controls could be significant if an attacker can influence execution contexts.

Generated by OpenCVE AI on April 21, 2026 at 15:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw version 2026.3.31 or later to apply the patch
  • Limit or remove environment variables that may be overridden in the host execution policy, ensuring only trusted variables are exported
  • Configure proxy, TLS, Docker, and Git TLS settings to enforce strict verification and deny bypassing through environment variables

Generated by OpenCVE AI on April 21, 2026 at 15:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-9gp8-hjxr-6f34 OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls
History

Tue, 21 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 23:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.
Title OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-453
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 4.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N'}

cvssV4_0

{'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-21T13:39:27.598Z

Reserved: 2026-04-20T14:03:06.199Z

Link: CVE-2026-41330

cve-icon Vulnrichment

Updated: 2026-04-21T13:39:21.001Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-21T00:16:31.557

Modified: 2026-04-27T15:08:32.360

Link: CVE-2026-41330

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-21T15:45:07Z

Weaknesses