PT-2026-39692 · Openclaw · Openclaw

Qi Deng

·

Published

2026-05-04

·

Updated

2026-05-11

·

CVE-2026-45003

CVSS v3.1

5.0

Medium

VectorAV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22
Description Workspace dotenv files can be used to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. This allows attackers with workspace access to redirect runtime traffic to malicious endpoints by configuring endpoint variables within these files.
Recommendations Update to version 2026.4.22.

Exploit

Fix

Uncontrolled Search Path Element

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-45003
GHSA-55CF-XX38-4P9P
GHSA-5JGM-F9WR-9QM7

Affected Products

Openclaw