OpenClaw Environment Variable Override Vulnerability in Host Execution Policy

Vulnerability

A vulnerability exists in OpenClaw versions prior to 2026.3.31 that allows environment variable overrides to bypass critical security controls. The issue lies in the host execution policy, which fails to enforce its restrictions on proxy settings, TLS verification, Docker usage, and Git TLS controls when environment variables are supplied. This allows an attacker to set environment variables that override these settings and circumvent the corresponding security measures.

Impact

Exploitation of this vulnerability allows for unauthorized overrides of environment variables, potentially leading to the circumvention of proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.

Reproduction

The vulnerability can be reproduced by setting environment variables that override the proxy, TLS, Docker, or Git TLS settings and then executing a command that relies on these controls. This can be done with a tool that interfaces with OpenClaw and applies the desired environment variable overrides.
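The check a host execution policy needs here is to refuse caller-supplied environment overrides that steer proxying, TLS verification, Docker, or Git TLS before the child process is spawned. The following is an added example and not OpenClaw's code; the advisory does not list which variable names OpenClaw honoured, so the names below (HTTPS_PROXY, NODE_TLS_REJECT_UNAUTHORIZED, GIT_SSL_NO_VERIFY, GIT_CONFIG_*, DOCKER_*, and so on) are assumptions based on what common clients read.

```javascript
// Added example, not OpenClaw's implementation. Filters environment
// overrides that would change proxy, TLS, Docker or Git TLS behaviour.
// The variable names are assumptions: common names read by Node, curl-style
// HTTP clients, the Docker CLI and Git, not names taken from the advisory.

// Names blocked exactly (compared case-insensitively, since proxy variables
// are honoured in both upper and lower case by many clients).
const BLOCKED_EXACT = new Set([
  'HTTP_PROXY', 'HTTPS_PROXY', 'ALL_PROXY', 'NO_PROXY',
  'NODE_EXTRA_CA_CERTS', 'SSL_CERT_FILE', 'SSL_CERT_DIR',
]);

// Name families blocked by prefix. GIT_CONFIG_ matters because
// GIT_CONFIG_COUNT/KEY_n/VALUE_n can set http.sslVerify=false without
// ever naming GIT_SSL_NO_VERIFY.
const BLOCKED_PREFIXES = ['NODE_TLS_', 'GIT_SSL_', 'GIT_CONFIG_', 'DOCKER_'];

function isBlockedEnvName(name) {
  const upper = name.toUpperCase();
  if (BLOCKED_EXACT.has(upper)) return true;
  return BLOCKED_PREFIXES.some((prefix) => upper.startsWith(prefix));
}

// Merges overrides into a copy of baseEnv, dropping any blocked names.
// Returns { env, rejected } so the caller can log what was refused.
function applyEnvOverrides(baseEnv, overrides) {
  const env = { ...baseEnv };
  const rejected = [];
  for (const [name, value] of Object.entries(overrides)) {
    if (isBlockedEnvName(name)) {
      rejected.push(name);
      continue;
    }
    env[name] = value;
  }
  return { env, rejected };
}

// Constructed sample input: one harmless override mixed with attempts to
// disable TLS checks, redirect traffic through a proxy and repoint Docker.
const SAMPLE_BASE = { PATH: '/usr/bin', HOME: '/home/agent' };
const SAMPLE_OVERRIDES = {
  LANG: 'C.UTF-8',
  node_tls_reject_unauthorized: '0',
  GIT_CONFIG_COUNT: '1',
  GIT_CONFIG_KEY_0: 'http.sslVerify',
  GIT_CONFIG_VALUE_0: 'false',
  https_proxy: 'http://127.0.0.1:8080',
  DOCKER_HOST: 'tcp://127.0.0.1:2375',
};
```

With the sample input, `applyEnvOverrides(SAMPLE_BASE, SAMPLE_OVERRIDES)` keeps only LANG and reports the other six names as rejected; the rejected list is what a policy should log rather than silently drop.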

Remediation

Update to OpenClaw version 2026.3.31 or later, where this vulnerability is fixed.

Added: Apr 21, 2026, 12:20 AM
Updated: Apr 21, 2026, 12:20 AM

Vulnerability Rating (Custom Algorithm)

  spread          0.0
  impact         10.0
  exploitability  4.3
  remediation     0.0
  relevance       6.4
  threat          4.8
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.