OpenClaw Option Injection Vulnerability in Git Hooks Pre-commit Hook
Vulnerability
An option injection vulnerability has been identified in OpenClaw versions prior to 2026.2.15. This vulnerability resides in the git-hooks/pre-commit hook, where the absence of a proper separator allows attackers to inject git options. By creating files with names that begin with dashes, attackers can manipulate the hook into staging ignored files, such as .env files, so that they are inadvertently added to git history.
Impact
Exploitation of this vulnerability allows for the injection of git options, potentially leading to the staging of sensitive ignored files and their inclusion in git history.
Remediation
Users can update to OpenClaw version 2026.2.15 or later to address this vulnerability.
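For hooks you maintain yourself, the missing-separator pattern described above can be checked for and avoided as follows. This is an added example, not OpenClaw's hook or its patch; it assumes the separator in question is git's end-of-options marker `--`, and the function names, file names and sample hook lines are constructed.

```shell
#!/bin/sh
# Added example, not OpenClaw's hook. All names and hook lines are constructed.

# Print each argument that `git add` would parse as an option when no `--`
# precedes it. A name such as ./-x.txt is safe because it starts with a dot.
option_like_names() {
    for name in "$@"; do
        case $name in
            -*) printf '%s\n' "$name" ;;
        esac
    done
}

# Hardened staging helper: everything after `--` is treated as a pathspec.
stage_paths() {
    [ "$#" -gt 0 ] || return 0
    git add -- "$@"
}

# Heuristic lint: read hook source on stdin and print the line numbers of
# `git add` invocations that have no end-of-options separator.
lint_git_add() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in
            *"git add"*" -- "*|*"git add"*" --") ;;   # separator present
            *"git add"*) printf '%s\n' "$n" ;;        # flag this line
        esac
    done
}

# Constructed hook source for the lint (lines 2 and 4 lack the separator).
SAMPLE_HOOK='files=$(git diff --cached --name-only)
echo "$files" | xargs git add
git add -- "$@"
git add $files'

printf 'option-like names:\n'
option_like_names src/app.ts -x.txt --constructed-option ./-x.txt
printf 'hook lines to fix:\n'
printf '%s\n' "$SAMPLE_HOOK" | lint_git_add
```

The lint is a line-based heuristic, so treat its output as lines to review rather than a complete audit of a hook.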
