OpenClaw Improper Environment Variable Validation Vulnerability in MCP Stdio Server Allowing Arbitrary Code Execution
Vulnerability
OpenClaw versions prior to 2026.4.20 do not validate the environment variables that an MCP stdio server configuration passes to the server process. OpenClaw spawns the configured command with that environment, so an attacker who can supply or alter the configuration can set startup-injection variables such as NODE_OPTIONS, LD_PRELOAD, or BASH_ENV, which make the runtime, the dynamic loader, or the shell execute attacker-chosen code before the server's own code runs. The injected code runs when an operator starts a session that uses the compromised server, in the context of the user running OpenClaw.
Impact
Successful exploitation gives arbitrary code execution on the host running OpenClaw, with the privileges of the OpenClaw user. The attacker needs no flaw in the MCP server binary itself: the loader, runtime, or shell honours the injected variable before the server starts, so any configured server becomes a vehicle for the payload.
Reproduction
To reproduce, write a workspace configuration that defines an MCP stdio server whose environment block sets one of the dangerous variables, for example NODE_OPTIONS pointing at a script loaded with --require, LD_PRELOAD pointing at a shared object, or BASH_ENV pointing at a shell file. Start a session that uses that server on an unpatched version: OpenClaw spawns the server with the supplied environment, and the injected code runs before the server's own code, demonstrating the vulnerability.
Remediation
Update to OpenClaw 2026.4.20 or later, where this vulnerability is patched. Until the update is applied, treat MCP stdio server entries in workspace configurations from untrusted sources as executable content and review any env settings they carry before starting a session.
