OpenClaw Environment Variable Sanitization Vulnerability Leading to Code Execution
Vulnerability
OpenClaw versions prior to 2026.3.28 are affected: the environment variable sanitization applied to approved execution requests fails to block GIT_TEMPLATE_DIR and AWS_CONFIG_FILE. An attacker who can attach these variables to an approved request can redirect Git or the AWS CLI to configuration they control. GIT_TEMPLATE_DIR selects the template directory that git copies into a new repository on init or clone, including hook scripts that git runs afterwards (post-checkout runs at the end of a clone); AWS_CONFIG_FILE selects the config file from which the AWS CLI loads profiles and credential settings, including a credential_process command that the CLI executes to obtain credentials. The result is execution of untrusted code, or the loading of attacker-supplied credentials, in the context of a request that the user had approved.
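The following is an added example, not OpenClaw's code: a denylist-style sanitizer for the environment passed to an approved git or AWS CLI execution request, shown once with an assumed list that omits the two variables named above (reproducing the gap) and once with the corrected list. The variable and prefix lists, the TAINTED_ENV sample and the function names are assumptions for illustration; they are not OpenClaw's actual denylist.

```typescript
// Added example (not OpenClaw's code). Variable lists are assumptions
// chosen to illustrate the gap; they are not the project's denylist.

type Env = Record<string, string>;

// Variables that let whoever controls the environment redirect git to
// attacker-controlled templates, configuration or executables.
const GIT_REDIRECT_VARS = [
  "GIT_TEMPLATE_DIR",  // templates, including hooks, copied into .git on init/clone
  "GIT_CONFIG_GLOBAL", // replaces ~/.gitconfig (core.hooksPath, aliases, ...)
  "GIT_CONFIG_SYSTEM", // replaces the system gitconfig
  "GIT_EXEC_PATH",     // where git looks for its own subcommand binaries
  "GIT_SSH_COMMAND",   // command run for every SSH transport
];

// Variables that let the AWS CLI load attacker-controlled config or
// credentials. A config file may set credential_process, which runs a command.
const AWS_REDIRECT_VARS = ["AWS_CONFIG_FILE", "AWS_SHARED_CREDENTIALS_FILE"];

// Prefix blocked wholesale: GIT_CONFIG_COUNT / GIT_CONFIG_KEY_n / GIT_CONFIG_VALUE_n
// inject arbitrary config entries into every git invocation.
const BLOCKED_PREFIXES = ["GIT_CONFIG_"];

// Assumed pre-fix state: the two variables from the advisory are missing.
const INCOMPLETE_DENYLIST = new Set<string>(
  [...GIT_REDIRECT_VARS, ...AWS_REDIRECT_VARS].filter(
    (v) => v !== "GIT_TEMPLATE_DIR" && v !== "AWS_CONFIG_FILE",
  ),
);

// Corrected list.
const FIXED_DENYLIST = new Set<string>([...GIT_REDIRECT_VARS, ...AWS_REDIRECT_VARS]);

interface SanitizeResult {
  env: Env;          // environment safe to hand to the child process
  stripped: string[]; // names removed, for logging / audit
}

// Returns a copy of env without blocked variables. Names are compared
// case-insensitively because Windows treats environment names that way,
// so a lowercase "git_template_dir" must not slip past an exact match.
function sanitizeEnv(
  env: Env,
  denylist: Set<string>,
  prefixes: string[] = BLOCKED_PREFIXES,
): SanitizeResult {
  const out: Env = {};
  const stripped: string[] = [];
  for (const name of Object.keys(env)) {
    const upper = name.toUpperCase();
    const blocked = denylist.has(upper) || prefixes.some((p) => upper.startsWith(p));
    if (blocked) {
      stripped.push(name);
    } else {
      out[name] = env[name];
    }
  }
  return { env: out, stripped };
}

// Constructed sample: an environment an attacker might attach to an approved request.
const TAINTED_ENV: Env = {
  PATH: "/usr/bin:/bin",
  HOME: "/home/agent",
  GIT_TEMPLATE_DIR: "/tmp/attacker-templates",   // hooks copied into every new clone
  git_config_global: "/tmp/attacker.gitconfig",  // lowercase on purpose
  AWS_CONFIG_FILE: "/tmp/attacker-aws-config",   // may declare credential_process
};

const beforeFix = sanitizeEnv(TAINTED_ENV, INCOMPLETE_DENYLIST);
const afterFix = sanitizeEnv(TAINTED_ENV, FIXED_DENYLIST);

console.log("stripped with incomplete list:", beforeFix.stripped);
console.log("stripped with fixed list:", afterFix.stripped);
```

With the incomplete list only git_config_global is stripped (it matches GIT_CONFIG_GLOBAL after normalisation and the GIT_CONFIG_ prefix), while GIT_TEMPLATE_DIR and AWS_CONFIG_FILE reach the child process; with the corrected list all three are removed and PATH and HOME pass through unchanged. A denylist like this only covers the variables you know about, so an allowlist of the variables a given tool actually needs is the stronger design where the request shape permits it.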
Impact
Exploitation allows code the user never approved to run under an approved Git or AWS CLI request, or causes those tools to operate with attacker-supplied credentials, compromising the integrity of the user's environment and of anything the agent does on the user's behalf.
Remediation
Upgrade to OpenClaw version 2026.3.28 or later, where this vulnerability has been addressed.
