GHSA-8FMP-37RC-P5G7
Vulnerability from github – Published: 2026-03-03 19:53 – Updated: 2026-04-08 19:26
Summary
OpenClaw's config env vars allowed startup env injection into service runtime
Details
Summary
OpenClaw allowed dangerous process-control environment variables from env.vars (for example NODE_OPTIONS, LD_*, DYLD_*) to flow into gateway service runtime environments, enabling startup-time code execution in the OpenClaw process context.
Details
collectConfigEnvVars() accepted unfiltered keys from config and those values were merged into the daemon install environment in buildGatewayInstallPlan(). Before the fix, startup-control variables were not blocked in this path.
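The flow described above, as an added example that is not part of the advisory or of OpenClaw's code base: a config-to-service-environment merge in the unfiltered shape the advisory describes, beside a hardened version that refuses process-control variables and reports what it dropped. The function names, the config shape (`config.env.vars`), the installer environment, the sample config and the blocklist contents are assumptions chosen for illustration.

```javascript
// Added example (not OpenClaw's code): the vulnerable merge pattern the advisory
// describes, next to a hardened version that refuses process-control variables.
// Function names, the config shape (config.env.vars) and the blocklist contents
// are assumptions chosen for illustration.

// Names that change how a process starts. Any of these lets a config author run
// code inside the service before the application's own entry point executes.
const BLOCKED_EXACT = new Set([
  "NODE_OPTIONS",          // e.g. "--require /path/to/hook.js"
  "NODE_PATH",             // redirects bare module resolution
  "LD_PRELOAD",            // glibc: inject a shared object into every process
  "LD_LIBRARY_PATH",
  "LD_AUDIT",
  "DYLD_INSERT_LIBRARIES", // macOS equivalent of LD_PRELOAD
  "DYLD_LIBRARY_PATH",
  "DYLD_FRAMEWORK_PATH",
]);
// Prefix match covers the LD_* / DYLD_* families the advisory names, including
// loader variables not listed above.
const BLOCKED_PREFIXES = ["LD_", "DYLD_"];
// A name that is not a plain identifier (contains "=", whitespace, a newline)
// can corrupt the generated service definition, so it is rejected outright.
const VALID_NAME = /^[A-Za-z_][A-Za-z0-9_]*$/;

function isBlockedEnvVar(name) {
  // Compare case-insensitively: Windows treats env names as case-insensitive,
  // so "node_options" would still reach the runtime there.
  const upper = name.toUpperCase();
  return BLOCKED_EXACT.has(upper) || BLOCKED_PREFIXES.some((p) => upper.startsWith(p));
}

// Vulnerable shape: every key in config.env.vars is accepted verbatim.
function collectConfigEnvVarsUnfiltered(config) {
  return { ...(config?.env?.vars ?? {}) };
}

// Hardened shape: keep only well-formed, non-blocked, string-valued entries and
// return what was dropped so the installer can warn instead of silently continuing.
function collectConfigEnvVarsFiltered(config) {
  const accepted = {};
  const rejected = [];
  for (const [name, value] of Object.entries(config?.env?.vars ?? {})) {
    if (!VALID_NAME.test(name) || isBlockedEnvVar(name) || typeof value !== "string") {
      rejected.push(name);
      continue;
    }
    accepted[name] = value;
  }
  return { accepted, rejected };
}

// Build the environment the service definition will carry. Installer-controlled
// keys are applied last so config can add variables but never override them.
function buildServiceEnv(installerEnv, configVars) {
  return { ...configVars, ...installerEnv };
}

// Audit helper for an already-installed or already-running service: pass an
// environment object (process.env, or one parsed from a unit file / plist) and
// get back the names that should never have been there.
function auditEnvironment(env) {
  return Object.keys(env).filter(isBlockedEnvVar).sort();
}

// Constructed sample config: one benign variable plus several injection attempts,
// including a lowercase DYLD_ name and a malformed key.
const SAMPLE_CONFIG = {
  env: {
    vars: {
      OPENCLAW_LOG_LEVEL: "debug",
      NODE_OPTIONS: "--require /tmp/hook.js",
      LD_PRELOAD: "/tmp/hook.so",
      dyld_insert_libraries: "/tmp/hook.dylib",
      "BAD=NAME": "x",
    },
  },
};

// Constructed installer-controlled environment (assumed, for illustration).
const INSTALLER_ENV = { PATH: "/usr/bin", OPENCLAW_SERVICE: "gateway" };

function demo() {
  const unfiltered = collectConfigEnvVarsUnfiltered(SAMPLE_CONFIG);
  const { accepted, rejected } = collectConfigEnvVarsFiltered(SAMPLE_CONFIG);
  return {
    // What the vulnerable merge lets through into the service environment.
    leakedByVulnerableMerge: auditEnvironment(buildServiceEnv(INSTALLER_ENV, unfiltered)),
    // What the hardened merge produces instead.
    hardenedEnv: buildServiceEnv(INSTALLER_ENV, accepted),
    rejected: rejected.sort(),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

A name denylist like the one above matches the class of fix the advisory describes (blocking startup-control variables in this path); an allowlist of operator-approved names is stricter and is the better choice where the set of legitimate variables is known. The audit helper is the check to run against an existing installation: point it at the environment of the installed service definition, or at `process.env` from inside the running gateway, to confirm no loader or runtime-hook variable is already present.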
Affected Packages / Versions
- Package: openclaw (npm)
- Latest published affected version: 2026.2.19-2 (published February 19, 2026)
- Affected range (structured): <=2026.2.19-2 || =2026.2.19
- Patched version (pre-set for next release): >= 2026.2.21
Fix Commit(s)
- 2cdbadee1f8fcaa93302d7debbfc529e19868ea4
Release Process Note
patched_versions is pre-set to the planned next release (2026.2.21). Once that npm release is published, this advisory is ready to publish without further content edits.
OpenClaw thanks @tdjackey for reporting.
Severity
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.2.21"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-22177"
],
"database_specific": {
"cwe_ids": [
"CWE-15"
],
"github_reviewed": true,
"github_reviewed_at": "2026-03-03T19:53:02Z",
"nvd_published_at": "2026-03-18T02:16:21Z",
"severity": "MODERATE"
},
"details": "### Summary\nOpenClaw allowed dangerous process-control environment variables from `env.vars` (for example `NODE_OPTIONS`, `LD_*`, `DYLD_*`) to flow into gateway service runtime environments, enabling startup-time code execution in the OpenClaw process context.\n\n### Details\n`collectConfigEnvVars()` accepted unfiltered keys from config and those values were merged into the daemon install environment in `buildGatewayInstallPlan()`. Before the fix, startup-control variables were not blocked in this path.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published affected version: `2026.2.19-2` (published February 19, 2026)\n- Affected range (structured): `\u003c=2026.2.19-2 || =2026.2.19`\n- Patched version (pre-set for next release): `\u003e= 2026.2.21`\n\n### Fix Commit(s)\n- `2cdbadee1f8fcaa93302d7debbfc529e19868ea4`\n\n### Release Process Note\n`patched_versions` is pre-set to the planned next release (`2026.2.21`). Once that npm release is published, this advisory is ready to publish without further content edits.\n\nOpenClaw thanks @tdjackey for reporting.",
"id": "GHSA-8fmp-37rc-p5g7",
"modified": "2026-04-08T19:26:19Z",
"published": "2026-03-03T19:53:02Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8fmp-37rc-p5g7"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9j9-w4cp-6wgr"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22177"
},
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/commit/2cdbadee1f8fcaa93302d7debbfc529e19868ea4"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
},
{
"type": "WEB",
"url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-config-env-vars"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "OpenClaw\u0027s config env vars allowed startup env injection into service runtime"
}