Description
OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAW_GIT_DIR to manipulate trusted OpenClaw runtime behavior during source-update or installer flows.
Published: 2026-05-06
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw loads workspace dotenv files without reserving the OPENCLAW_ prefix, so an attacker who can supply a workspace containing a dotenv file can override the runtime-control environment variables that the trusted OpenClaw runtime relies on. Variables such as OPENCLAW_GIT_DIR can be set to attacker-chosen values, and the runtime then acts on that untrusted input during source-update or installer flows. The boundary crossed is the one between an untrusted workspace and the trusted runtime: both CVSS vectors rate confidentiality, integrity and availability impact as high, and the AI analysis notes this can lead to code execution or other unauthorized operations with the privileges of the OpenClaw process.

Affected Systems

The vulnerability affects the OpenClaw product from the vendor OpenClaw (the CPE records node.js as the target software). All releases prior to 2026.4.20 are affected, and the issue is reachable whenever the runtime interprets a workspace dotenv file.

Risk and Exploitability

The CVSS v4.0 base score of 8.5 (v3.1: 7.8) indicates high severity. The EPSS estimate is below 1%, so the predicted likelihood of exploitation in the wild is very low, and the SSVC assessment records no known exploitation, marks the issue as not automatable, and rates the technical impact as total. Both CVSS vectors rate the attack vector as local (AV:L) with no privileges required and user interaction required (UI:R in v3.1, UI:P in v4.0): the attacker does not need an account on the host, but must get a malicious workspace onto a system that runs OpenClaw and have the runtime process it, so the practical delivery path is a workspace obtained from an untrusted source. The vulnerability is not listed in the CISA KEV catalog, but because the override reaches runtime-control variables used in source-update and installer flows, the patch should be applied promptly.

Generated by OpenCVE AI on May 6, 2026 at 21:28 UTC.

Remediation

No vendor fix or workaround is recorded in the structured remediation data for this entry. The description and the GHSA advisory referenced below state that the issue is addressed in OpenClaw 2026.4.20.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.20 or later, where the OPENCLAW_ namespace is properly reserved.
  • Verify that workspace dotenv files come from trusted sources; enforce file integrity checks or disable workspace dotenv processing if not needed.
  • Restrict write permissions on directories containing workspace files to prevent unauthorized modifications.
  • Review and sanitize any environment variables that OpenClaw imports from external files to ensure no unintended overrides.
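To make the mechanism described in the Impact section concrete, and to show what the "verify" and "sanitize" actions above amount to in code, the following is an added example written for this page. It is not OpenClaw's own code, and the RESERVED_PREFIX constant, the function names and the sample file contents are constructed for illustration. It contrasts a dotenv merge in which workspace values override everything, the behaviour the description attributes to releases before 2026.4.20, with one that reserves the OPENCLAW_ namespace, and includes an audit helper that lists colliding keys in an existing workspace file without applying them.

```javascript
// Added example for this page; not OpenClaw's own code. RESERVED_PREFIX, the
// function names and the sample file contents are constructed for illustration.
const RESERVED_PREFIX = "OPENCLAW_";

// Minimal dotenv parser: KEY=value, optional leading `export `, single or
// double quotes stripped, `#` comments and blank lines ignored. Variable
// expansion is deliberately not implemented; it is not needed to show the bug.
function parseDotenv(text) {
  const vars = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === "" || line.startsWith("#")) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (m === null) continue;
    let value = m[2].trim();
    const quoted =
      (value.startsWith('"') && value.endsWith('"')) ||
      (value.startsWith("'") && value.endsWith("'"));
    if (quoted && value.length >= 2) value = value.slice(1, -1);
    vars[m[1]] = value;
  }
  return vars;
}

// Runtime-control check. Environment variable names are case-insensitive on
// Windows, so the comparison is case-insensitive to be conservative.
function isReserved(name, prefix = RESERVED_PREFIX) {
  return name.toUpperCase().startsWith(prefix.toUpperCase());
}

// Vulnerable merge: every workspace key wins, including OPENCLAW_GIT_DIR.
function mergeUnsafe(runtimeEnv, workspaceVars) {
  return { ...runtimeEnv, ...workspaceVars };
}

// Hardened merge: keys in the reserved namespace never reach the runtime
// environment; they are returned separately so the caller can log or refuse.
function mergeReserved(runtimeEnv, workspaceVars, prefix = RESERVED_PREFIX) {
  const env = { ...runtimeEnv };
  const rejected = [];
  for (const [name, value] of Object.entries(workspaceVars)) {
    if (isReserved(name, prefix)) {
      rejected.push(name);
      continue;
    }
    env[name] = value;
  }
  return { env, rejected };
}

// Audit helper for existing workspaces: report every key in a dotenv text
// that collides with the reserved namespace, without applying any of it.
function findReservedKeys(text, prefix = RESERVED_PREFIX) {
  return Object.keys(parseDotenv(text)).filter((name) => isReserved(name, prefix));
}

// Constructed sample input: the runtime's own value and a workspace .env that
// tries to redirect OPENCLAW_GIT_DIR, once in the canonical spelling and once
// in a mixed-case variant to probe a case-sensitive filter.
const RUNTIME_ENV = { OPENCLAW_GIT_DIR: "/opt/openclaw/.git", PATH: "/usr/bin" };
const WORKSPACE_DOTENV = [
  "# constructed malicious workspace .env",
  "API_URL=https://example.invalid",
  'export OPENCLAW_GIT_DIR="/tmp/attacker-controlled/.git"',
  "Openclaw_Git_Dir='/tmp/attacker-controlled/.git'",
].join("\n");

function demo() {
  const vars = parseDotenv(WORKSPACE_DOTENV);
  return {
    unsafe: mergeUnsafe(RUNTIME_ENV, vars),
    safe: mergeReserved(RUNTIME_ENV, vars),
    audit: findReservedKeys(WORKSPACE_DOTENV),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

Running the block shows the unsafe merge handing the attacker's path to OPENCLAW_GIT_DIR while the reserved merge keeps the runtime's value, drops both spellings of the key, and still imports API_URL. The case-insensitive comparison is a design choice made here so a mixed-case key cannot slip past the filter on platforms where environment names are case-insensitive; a stricter policy would reject the workspace outright whenever `rejected` is non-empty rather than silently continuing.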

Advisories
Source: GitHub GHSA
ID: GHSA-hxvm-xjvf-93f3
Title: OpenClaw: Workspace dotenv could override runtime-control environment variables
History

Thu, 07 May 2026 15:15:00 +0000

Metrics added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Wed, 06 May 2026 20:15:00 +0000

Description added: OpenClaw before 2026.4.20 fails to properly reserve the OPENCLAW_ runtime-control environment namespace in workspace dotenv files, allowing attackers to override critical runtime variables. Malicious workspaces can set variables like OPENCLAW_GIT_DIR to manipulate trusted OpenClaw runtime behavior during source-update or installer flows.
Title added: OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv
First time appeared: Openclaw (openclaw)
Weaknesses added: CWE-184
CPEs added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products added: Openclaw (openclaw)
References: none shown
Metrics added: cvssV3_1
{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
Metrics added: cvssV4_0
{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-07T13:53:04.000Z

Reserved: 2026-05-05T11:30:46.259Z

Link: CVE-2026-44114

Vulnrichment

Updated: 2026-05-07T13:52:59.842Z

NVD

Status : Analyzed

Published: 2026-05-06T20:16:35.340

Modified: 2026-05-07T17:07:54.960

Link: CVE-2026-44114

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-06T23:15:17Z

Weaknesses