OpenClaw Dotenv File Override Vulnerability for Connector Endpoints
Vulnerability
A vulnerability in OpenClaw versions prior to 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. This issue enables attackers with workspace access to redirect runtime traffic to malicious endpoints by specifying endpoint variables in dotenv files.
Impact
Exploitation of this vulnerability could redirect connector traffic (including any credentials or messages it carries) to an endpoint controlled by the attacker, allowing the application's integrations with these services to be abused without any change to the trusted configuration.
Reproduction
The vulnerability can be reproduced by creating a workspace dotenv file that sets the endpoint variables for the Matrix, Mattermost, IRC, or Synology connectors. Once these variables are set, the application sends traffic intended for the configured endpoints to the hosts named in the dotenv file instead. This can be verified by inspecting the application's outbound traffic or logs for connections to the substituted endpoints.
Remediation
Update to OpenClaw version 2026.4.22 or later, which fixes this issue. Until then, treat workspace dotenv files as untrusted input and review them for connector endpoint variables.
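As an added example (not OpenClaw's code), the following Python contrasts the precedence flaw described above, where a workspace dotenv silently replaces trusted connector hosts, with a hardened loader that refuses such overrides and reports them for logging. The variable names and the sample dotenv are constructed placeholders, not OpenClaw's real configuration keys.

```python
# Added example, not OpenClaw's code; names and values are constructed placeholders.
# Placeholder endpoint-host keys for the four affected connectors (assumed).
PROTECTED_ENDPOINT_KEYS = {
    "EXAMPLE_MATRIX_HOMESERVER",
    "EXAMPLE_MATTERMOST_URL",
    "EXAMPLE_IRC_HOST",
    "EXAMPLE_SYNOLOGY_HOST",
}

# Constructed sample: endpoints the operator set in trusted config.
TRUSTED_CONFIG = {
    "EXAMPLE_MATRIX_HOMESERVER": "https://matrix.example.internal",
    "EXAMPLE_IRC_HOST": "irc.example.internal",
}

# Constructed sample workspace dotenv that tries to repoint two hosts.
WORKSPACE_DOTENV = """
# workspace settings
EXAMPLE_MATRIX_HOMESERVER=https://rogue.example.net
EXAMPLE_IRC_HOST="irc.rogue.example.net"
EXAMPLE_LOG_LEVEL=debug
"""

def parse_dotenv(text: str) -> dict:
    """Minimal KEY=VALUE parser: skips blanks and comments, strips quotes."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        result[key.strip()] = value.strip().strip("'\"")
    return result

def resolve_vulnerable(trusted: dict, dotenv: dict) -> dict:
    """Pre-fix precedence: dotenv values win, so endpoint hosts get overridden."""
    return {**trusted, **dotenv}

def resolve_hardened(trusted: dict, dotenv: dict) -> tuple:
    """Hardened precedence (illustrative, not OpenClaw's actual patch): dotenv may
    add ordinary keys but never replaces a protected host; rejections are returned."""
    merged, rejected = dict(trusted), []
    for key, value in dotenv.items():
        if key in PROTECTED_ENDPOINT_KEYS:
            rejected.append(key)  # surface for logging or alerting
        else:
            merged[key] = value
    return merged, rejected
```

The non-empty `rejected` list is the detection signal a defender would log: a workspace file attempting to set a connector host is itself suspicious.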
