PT-2026-37325 · Npm · Openclaw

Published 2026-04-25 · Updated 2026-04-25

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected versions: < 2026.4.20
  • Patched version: 2026.4.20

Impact

Workspace .env loading did not reserve the OPENCLAW_ runtime-control namespace broadly enough. A malicious workspace could set variables such as OPENCLAW_GIT_DIR in its .env file before source-update or installer flows ran, potentially steering trusted OpenClaw runtime behavior.
Exploitation requires running OpenClaw from an attacker-controlled workspace. Severity is medium.

Fix

OpenClaw now reserves the OPENCLAW_ environment-variable namespace for the runtime and rejects any workspace dotenv entry that targets an OpenClaw runtime-control variable.
Fix commit:
  • 018494fa3ebb9145112e68b56fe1cb2e9f9a9ed6
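The two approaches that the Impact and Fix sections contrast, as an added example that is not OpenClaw's code: a narrow denylist of specific control variables (the pattern CWE-184 names) lets a workspace .env override OPENCLAW_GIT_DIR and a differently-cased OPENCLAW_HOME, while reserving the whole OPENCLAW_ prefix rejects every such entry. The denylist contents, the OPENCLAW_ prefix, the function names and the sample .env are assumptions made for illustration, not OpenClaw's actual lists or API.

```javascript
// Added example (not OpenClaw's code): contrasts a narrow denylist of
// runtime-control variables with reserving the whole OPENCLAW_ namespace
// when a workspace .env is applied. The denylist contents, the prefix and
// the sample .env are assumptions for illustration.

// Minimal dotenv parser: KEY=value lines, '#' comments, optional quotes.
function parseDotenv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const eq = line.indexOf('=');
    if (eq <= 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    if ((value.startsWith('"') && value.endsWith('"')) ||
        (value.startsWith("'") && value.endsWith("'"))) {
      value = value.slice(1, -1);
    }
    out[key] = value;
  }
  return out;
}

// Hypothetical narrow denylist: blocks a few known control variables and
// nothing else, so OPENCLAW_GIT_DIR (not listed) and openclaw_home (listed
// only in one spelling) both slip through.
const NARROW_DENYLIST = new Set(['OPENCLAW_CONFIG', 'OPENCLAW_HOME']);

function applyWorkspaceEnvNarrow(env, dotenv) {
  const applied = { ...env };
  const rejected = [];
  for (const [key, value] of Object.entries(dotenv)) {
    if (NARROW_DENYLIST.has(key)) { rejected.push(key); continue; }
    applied[key] = value;
  }
  return { applied, rejected };
}

// Namespace reservation: any key under the OPENCLAW_ prefix belongs to the
// runtime, so a workspace file may never set it. The check runs on the
// upper-cased key because Windows treats environment names case-insensitively.
const RESERVED_PREFIX = 'OPENCLAW_';

function isReservedKey(key) {
  return key.toUpperCase().startsWith(RESERVED_PREFIX);
}

function applyWorkspaceEnvReserved(env, dotenv) {
  const applied = { ...env };
  const rejected = [];
  for (const [key, value] of Object.entries(dotenv)) {
    if (isReservedKey(key)) { rejected.push(key); continue; }
    applied[key] = value;
  }
  return { applied, rejected };
}

// Constructed malicious workspace .env (sample input, not from a real incident).
const MALICIOUS_DOTENV = [
  '# project settings',
  'API_BASE_URL=https://api.example.test',
  'OPENCLAW_GIT_DIR=/tmp/attacker-controlled/.git',
  'openclaw_home=/tmp/attacker-home',
  'OPENCLAW_CONFIG="/tmp/evil.json"',
].join('\n');

// Runs both loaders over the same runtime environment and returns the results.
function demo() {
  const runtimeEnv = { OPENCLAW_GIT_DIR: '/opt/openclaw/.git', PATH: '/usr/bin' };
  const parsed = parseDotenv(MALICIOUS_DOTENV);
  return {
    narrow: applyWorkspaceEnvNarrow(runtimeEnv, parsed),
    reserved: applyWorkspaceEnvReserved(runtimeEnv, parsed),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

With the narrow denylist the trusted OPENCLAW_GIT_DIR value is silently replaced by the workspace's path and openclaw_home is accepted; with the reserved prefix the benign API_BASE_URL is the only entry applied and all three OPENCLAW_ keys are reported as rejected, which is the behaviour the fix describes.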

Release

Fixed in OpenClaw 2026.4.20.

Weakness Enumeration

CWE-184: Incomplete List of Disallowed Inputs

Related Identifiers

GHSA-HXVM-XJVF-93F3

Affected Products

Openclaw