Description
OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management operations by injecting malicious index URLs through unsanitized environment variables.
Published: 2026-04-28
Score: 5.8 Medium
EPSS: n/a
KEV: No
Impact: Package Index Manipulation
Action: Immediate Patch
AI Analysis

Impact

OpenClaw fails to sanitize the PIP_INDEX_URL and UV_INDEX_URL environment variables when it runs commands in a host execution context, so an attacker who controls those variables can override the Python package index that pip or uv consults. Pointing that traffic at an attacker-controlled index lets the attacker serve tampered or malicious packages to the target system in place of the expected ones. The weakness is recorded as CWE-184 (Incomplete List of Disallowed Inputs): the environment sanitization covers some dangerous variables but misses these two, which is why the issue is described as a bypass rather than an absent control. The recorded CVSS vectors rate the integrity impact as high and the confidentiality impact as low, consistent with an attacker being able to substitute the code that a package installation delivers.

Affected Systems

All versions of OpenClaw before 2026.3.31 are affected. The CPE recorded for this CVE is cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*, i.e. the Node.js OpenClaw package from the vendor openclaw.

Risk and Exploitability

The CVSS v4.0 base score is 5.8 (Medium), alongside a CVSS v3.1 score of 5.3. Both vectors describe a local attack (AV:L) by a low-privileged principal (PR:L) with no user interaction, with high integrity impact and low confidentiality impact; the v4.0 vector also sets AT:P, meaning a precondition must already be in place, here the ability to set environment variables that OpenClaw's host execution inherits. No EPSS score is available and the CVE is not listed in CISA KEV, so there is no public evidence of exploitation at the time of writing. The realistic attacker is anyone who can influence the environment OpenClaw is launched with: a local user or compromised account on the host, a compromised CI or build environment, or a shell profile, service definition or container configuration that exports variables. Once PIP_INDEX_URL or UV_INDEX_URL points at an attacker-controlled index, every pip or uv package download that OpenClaw performs in that context resolves against it.

Generated by OpenCVE AI on April 28, 2026 at 23:04 UTC.

Remediation

No vendor advisory or workaround is linked on this page. The CVE description identifies 2026.3.31 as the first version without the flaw.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.31 or later, the first version the CVE description identifies as fixed.
  • If an upgrade is not immediately possible, unset or explicitly validate the PIP_INDEX_URL and UV_INDEX_URL environment variables before launching OpenClaw, and treat any value that is not a known, HTTPS, trusted index as hostile.
  • Restrict who can set the environment OpenClaw inherits (shell profiles, service unit files, container and CI configuration) to trusted users, so untrusted input cannot introduce package index URLs into a host execution context.

Generated by OpenCVE AI on April 28, 2026 at 23:04 UTC.


Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Type: Values Added (no values removed in this entry)
Description: OpenClaw before 2026.3.31 fails to properly sanitize PIP_INDEX_URL and UV_INDEX_URL environment variables in host execution contexts, allowing attackers to redirect Python package-index traffic. Attackers can exploit this bypass to intercept or manipulate package management operations by injecting malicious index URLs through unsanitized environment variables.
Title: OpenClaw < 2026.3.31 - Environment Variable Bypass in Package Index URL Handling
First Time appeared: Openclaw (vendor), Openclaw openclaw (product)
Weaknesses: CWE-184
CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products: Openclaw (vendor), Openclaw openclaw (product)
References: (none)
Metrics:
  cvssV3_1: {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N'}
  cvssV4_0: {'score': 5.8, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-28T18:09:51.901Z

Reserved: 2026-04-20T14:13:45.348Z

Link: CVE-2026-41391

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-04-28T19:37:42.310

Modified: 2026-04-28T20:10:23.367

Link: CVE-2026-41391

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T23:15:43Z

Weaknesses