Environment-Variable-Injection

OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability (CVE-2026-44995) in MCP stdio server configuration, allowing attackers to execute arbitrary code via malicious workspace configurations that pass dangerous startup variables.

OpenClaw before version 2026.4.9 is vulnerable to environment variable injection, allowing attackers to use malicious workspace .env files to set runtime-control variables and compromise application behavior affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths.

OpenClaw before 2026.3.24 is vulnerable to environment variable injection, allowing attackers to inject malicious environment variables through crafted workspace configurations in the CLI backend, leading to potential code execution or sensitive data exposure.

The openclaw package versions prior to 2026.4.10 are vulnerable to environment variable injection, where the exec environment policy missed interpreter startup variables allowing operator-supplied environment overrides to influence downstream execution or network behavior, addressed in versions 2026.4.10 and later.

OpenClaw versions prior to 2026.4.8 are vulnerable to remote code execution (RCE) via build tool environment variable injection due to missing denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLAGS, allowing hostile environment variables to influence host exec commands.

The openclaw npm package is vulnerable to Python package-index redirection through host execution due to improper sanitization of `PIP_INDEX_URL` and `UV_INDEX_URL`, affecting versions 2026.3.28 and earlier.