PT-2026-32076 — Incomplete List of Disallowed Inputs in Npm Openclaw

PT-2026-32076 · Npm · Openclaw

Published

2026-03-31

Updated

2026-03-31

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Summary

Host execution env sanitization did not block GIT TEMPLATE DIR or AWS CONFIG FILE, even though both can redirect trusted tooling to attacker-controlled content.

Impact

An approved exec request could redirect git or AWS CLI behavior through attacker-controlled configuration and execute untrusted code or load attacker-selected credentials.

Affected Component

src/infra/host-env-security-policy.json, src/infra/host-env-security.ts

Fixed Versions

Affected: <= 2026.3.24
Patched: >= 2026.3.28
Latest stable 2026.3.28 contains the fix.

Fix

Fixed by commit 6eb82fba3c (Infra: block additional host exec env keys).

OpenClaw thanks @nicky-cc of Tencent zhuque Lab https://github.com/Tencent/AI-Infra-Guard for reporting.

Fix

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-184

Related Identifiers

GHSA-M866-6QV5-P2FG

Affected Products

Openclaw