OpenClaw Environment Variable Leakage Vulnerability in SSH Sandbox Backends
Vulnerability
A vulnerability allowing environment variable leakage has been identified in OpenClaw versions prior to 2026.3.31. The issue arises in SSH-based sandbox backends that pass the parent process's environment variables, without sanitization, to child processes. An attacker can exploit this by relying on non-default SSH environment forwarding settings, so that sensitive information from the parent process is transferred to the SSH child processes.
Impact
Exploitation of this vulnerability could lead to the unauthorized disclosure of sensitive environment variables in SSH child processes.
Reproduction
The vulnerability can be reproduced by creating an SSH sandbox backend session with environment forwarding enabled. Once the session is active, any sensitive environment variables of the parent process that were not sanitized are visible in the child process, which demonstrates the leakage.
Remediation
Users can upgrade to OpenClaw version 2026.3.31 or later, where this vulnerability has been patched.