PT-2026-25431 · Npm · Openclaw

Published: 2026-03-03 · Updated: 2026-03-03

CVSS v3.1: 5.3 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Summary

OpenClaw's shell-env fallback trusted startup environment values and could execute attacker-influenced login-shell startup paths before env keys were loaded.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: >= 2026.1.5 and <= 2026.2.21-2
  • Fixed on main: 9363c320d8ffe29290906752fab92621da02c3f7
  • Planned patched release version (pre-set): 2026.2.22

Details

The vulnerable chain was in the shell-env fallback path:

  1. src/infra/shell-env.ts
     • resolveShell(env) trusted env.SHELL when set.
     • execLoginShellEnvZero(...) executed ${SHELL} -l -c "env -0" with the inherited runtime env.
  2. src/config/io.ts
     • Config env values were applied before the shell fallback executed.
  3. src/config/env-vars.ts / env policy coverage
     • SHELL handling was hardened, but startup-path selectors (HOME, ZDOTDIR) still needed explicit blocking in config env ingestion and sanitization for shell fallback execution.

With env/config influence, this could trigger unintended command execution during shell startup processing, in the OpenClaw host process context.

Fix

Mainline hardening now:
  • blocks SHELL, HOME, and ZDOTDIR during config env ingestion used by runtime fallback,
  • sanitizes shell fallback execution env, pinning HOME to the real user home and dropping ZDOTDIR + dangerous startup vars,
  • adds regression tests for config env ingestion and shell fallback/path-probe sanitization.
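The two hardening points above (refusing SHELL/HOME/ZDOTDIR at config env ingestion, and pinning HOME plus dropping startup selectors before the login-shell probe runs), as an added example that is not OpenClaw's code: the function names, the blocked-key sets and the sample values are assumptions constructed for illustration.

```typescript
import * as os from "node:os";

type Env = Record<string, string>;

// Keys a config file may never set for the runtime fallback: SHELL selects the
// binary that runs, HOME and ZDOTDIR select which startup files it reads.
const BLOCKED_CONFIG_ENV_KEYS: ReadonlySet<string> = new Set(["SHELL", "HOME", "ZDOTDIR"]);

// Startup-path selectors dropped from the env handed to the login-shell probe.
// Assumption: the advisory names only HOME and ZDOTDIR; the bash/sh variables
// listed here are the usual extra selectors a hardened list also covers.
const DROPPED_FALLBACK_KEYS: ReadonlySet<string> = new Set([
  "ZDOTDIR", "BASH_ENV", "ENV", "PROMPT_COMMAND", "SHELLOPTS", "BASHOPTS",
]);

// Hypothetical stand-in for config env ingestion (src/config/io.ts in the advisory):
// merge config-supplied values onto the base env, refusing the blocked keys and
// reporting them so the caller can log the rejection instead of silently applying it.
function ingestConfigEnv(base: Env, configEnv: Env): { env: Env; rejected: string[] } {
  const env: Env = { ...base };
  const rejected: string[] = [];
  for (const [key, value] of Object.entries(configEnv)) {
    if (BLOCKED_CONFIG_ENV_KEYS.has(key)) {
      rejected.push(key);
      continue;
    }
    env[key] = value;
  }
  return { env, rejected };
}

// Hypothetical stand-in for fallback env sanitization (src/infra/shell-env.ts):
// the env passed to `${SHELL} -l -c "env -0"` gets HOME pinned to the real user
// home and the startup-path selectors removed, so an inherited or config-supplied
// HOME/ZDOTDIR cannot point the login shell at rc files outside the user's home.
function sanitizeShellFallbackEnv(env: Env, realUserHome: string = os.homedir()): Env {
  const out: Env = {};
  for (const [key, value] of Object.entries(env)) {
    if (!DROPPED_FALLBACK_KEYS.has(key)) out[key] = value;
  }
  out.HOME = realUserHome;
  return out;
}

// Walk-through on constructed input: a config that tries to set all three blocked keys
// on top of a runtime env whose HOME and ZDOTDIR were already influenced.
function demo(): Env {
  const { env, rejected } = ingestConfigEnv(
    { PATH: "/usr/bin:/bin", HOME: "/tmp/untrusted", ZDOTDIR: "/tmp/untrusted/zsh" },
    { SHELL: "/tmp/untrusted/sh", HOME: "/tmp/untrusted", ZDOTDIR: "/tmp/untrusted/zsh", EDITOR: "vim" },
  );
  console.log("rejected config keys:", rejected); // SHELL, HOME, ZDOTDIR
  return sanitizeShellFallbackEnv(env, "/home/operator"); // HOME pinned, ZDOTDIR gone, EDITOR kept
}
```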

Fix Commit(s)

  • 9363c320d8ffe29290906752fab92621da02c3f7

Impact

  • Local code-execution risk in environments where attacker-controlled env/config input can reach shell-env fallback.
  • Under OpenClaw trust assumptions (SECURITY.md), this is not a public-remote issue and depends on crossing local trusted-operator boundaries.

Release Process Note

The patched version is intentionally pre-set to the planned next release (2026.2.22) so that, once the npm release is out, maintainers can publish the advisory immediately.
OpenClaw thanks @tdjackey for reporting.

Weakness Enumeration

OS Command Injection

Related identifiers

GHSA-5H2C-8V84-QPVR

Affected products

Openclaw