PT-2026-42600 · Npm · Openclaw
Publicado
2026-05-11
·
Atualizado
2026-05-11
CVSS v3.1
5.0
Média
| Vetor | AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N |
Duplicate Advisory
This advisory has been withdrawn because it is a duplicate of GHSA-55cf-xx38-4p9p. This link is maintained to preserve external references.
Original Description
OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Openclaw