CVE-2026-44995
Severity: HIGH
OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables
Title source: cnaDescription
OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawned MCP server processes, enabling code injection when operators start sessions using those servers.
References (4)
Vendor Advisory: GitHub Security Advisory (GHSA-mj59-h3q9-ghfh)
  https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh
Patch: Patch Commit (1)
  https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af
Patch: Patch Commit (2)
  https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b
Third Party Advisory: VulnCheck Advisory: OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables
  https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables
Scores
CVSS v3: 7.3 (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS: 0.0001 (percentile 2.0%)
Attack Vector: LOCAL
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-829
Status: published
Products (4)
npm/openclaw: 0 - 2026.4.20 (npm)
OpenClaw/OpenClaw: < 2026.4.20
openclaw/openclaw: < 2026.4.20
OpenClaw/OpenClaw: 2026.4.20
Published: May 11, 2026
Tracked Since: May 11, 2026