Impact
OpenClaw before 2026.3.31 passes the parent's full, unsanitized process.env to the child processes spawned by its SSH sandbox backends. Anything that runs in, or can observe, such a child process can therefore read environment variables that belong to the parent OpenClaw process, which may include passwords, API keys, or other secrets. The weakness is a straightforward information exposure, classified as CWE-214 (Invocation of Process Using Visible Sensitive Information). In practice an attacker gains disclosure of whatever secrets the parent holds in its environment, which could lead to credential compromise and, through those credentials, further privileged actions; the vulnerability itself does not grant code execution or direct modification of the target system.
Affected Systems
The affected product is OpenClaw in all releases before 2026.3.31. The vulnerability specifically affects deployments that use OpenClaw's SSH sandbox backends, because those backends forward the parent's current environment to the child process. No lower bound on affected versions is listed, so every release older than 2026.3.31 should be treated as susceptible, with 2026.3.31 as the fixed version.
Risk and Exploitability
The CVSS score of 2 places the issue in the low severity band, and the EPSS score of less than 1% indicates a very low estimated probability of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. The record does not spell out an attack vector; based on the description, the attacker would need to run code in, or otherwise observe, a child process spawned by the SSH sandbox backend, since that process inherits the parent's environment wholesale. No injection or modification of environment variables is required: the leak occurs because the parent forwards everything it holds, not because the child accepts attacker-supplied environment data. Whether that position is reachable depends on what a given deployment allows to run through the sandbox backend, which is a configuration decision made by the administrators or developers operating it. Because the flaw only exposes data the parent already holds, its impact is disclosure rather than control over the system.
OpenCVE Enrichment