OpenClaw allows attackers to inject code during startup
GHSA-8fmp-37rc-p5g7
Summary
OpenClaw, a software package, allows malicious code to be injected into its startup environment, potentially allowing an attacker to execute arbitrary code. This issue affects OpenClaw versions up to 2026.2.19-2. To fix this issue, update to version 2026.2.21 or later.
What to do
- Update openclaw to version 2026.2.21.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.19-2 | 2026.2.21 |
Original title
OpenClaw's config env vars allowed startup env injection into service runtime
Original description
### Summary
OpenClaw allowed dangerous process-control environment variables from `env.vars` (for example `NODE_OPTIONS`, `LD_*`, `DYLD_*`) to flow into gateway service runtime environments, enabling startup-time code execution in the OpenClaw process context.
### Details
`collectConfigEnvVars()` accepted unfiltered keys from config and those values were merged into the daemon install environment in `buildGatewayInstallPlan()`. Before the fix, startup-control variables were not blocked in this path.
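The fix described above is a filter on the config-supplied environment map before it is merged into the service runtime. The following is an added example, not OpenClaw's code, of what such a filter looks like: a pass-through "before" shape beside a hardened shape that rejects the process-control variables the advisory names (`NODE_OPTIONS`, `LD_*`, `DYLD_*`) and reports what it dropped. The function names, the exact deny-list and the sample `env.vars` content are assumptions made for illustration.

```javascript
// Added example (not OpenClaw's code). Filters process-control environment
// variables out of a config-supplied env map before it is merged into a
// service's runtime environment. Function names are hypothetical.

// Variables that alter how the runtime or dynamic loader starts the process.
// Seeded with the names the advisory gives (NODE_OPTIONS, LD_*, DYLD_*); the
// exact list is an assumption, not the project's own deny-list.
const BLOCKED_EXACT = new Set(["NODE_OPTIONS"]);
const BLOCKED_PREFIXES = ["LD_", "DYLD_"];

// Compare case-insensitively: Windows treats env var names as case-insensitive,
// so "node_options" must be rejected as well as "NODE_OPTIONS".
function isStartupControlVar(name) {
  const upper = String(name).toUpperCase();
  if (BLOCKED_EXACT.has(upper)) return true;
  return BLOCKED_PREFIXES.some((prefix) => upper.startsWith(prefix));
}

// "Before" shape: every key from config flows through unchanged.
function collectConfigEnvVarsUnfiltered(configEnvVars) {
  return { ...(configEnvVars ?? {}) };
}

// Hardened shape: drop startup-control variables (and non-string values, which
// cannot be meaningful env entries) and return the rejected names so the
// decision is visible in logs rather than silent.
function collectConfigEnvVarsFiltered(configEnvVars) {
  const accepted = {};
  const rejected = [];
  for (const [name, value] of Object.entries(configEnvVars ?? {})) {
    if (typeof value !== "string" || isStartupControlVar(name)) {
      rejected.push(name);
      continue;
    }
    accepted[name] = value;
  }
  return { accepted, rejected };
}

// Merge the filtered config vars over a base environment. Blocked names never
// reach the merge, so they cannot shadow or introduce loader settings.
function buildServiceEnv(baseEnv, configEnvVars) {
  const { accepted, rejected } = collectConfigEnvVarsFiltered(configEnvVars);
  return { env: { ...baseEnv, ...accepted }, rejected };
}

// Constructed sample resembling an env.vars block with both benign and
// process-control entries. Values are placeholders, not real paths.
const sampleConfigEnv = {
  OPENCLAW_LOG_LEVEL: "debug",
  HTTPS_PROXY: "http://proxy.internal:3128",
  NODE_OPTIONS: "--require ./placeholder.js",
  LD_PRELOAD: "./placeholder.so",
  DYLD_INSERT_LIBRARIES: "./placeholder.dylib",
};

// Stand-alone demonstration: the unfiltered path keeps all five keys, the
// filtered path keeps two and names the three it refused.
const before = collectConfigEnvVarsUnfiltered(sampleConfigEnv);
const after = buildServiceEnv({ PATH: "/usr/bin:/bin" }, sampleConfigEnv);
console.log("unfiltered keys:", Object.keys(before));
console.log("filtered env keys:", Object.keys(after.env));
console.log("rejected:", after.rejected);
```

The filter runs at the point where config is collected, not where the service is launched, so every consumer of the collected map benefits; logging the rejected names gives operators a detection signal for a config that is trying to carry these variables.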
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published affected version: `2026.2.19-2` (published February 19, 2026)
- Affected range (structured): `<=2026.2.19-2 || =2026.2.19`
- Patched version (pre-set for next release): `>= 2026.2.21`
### Fix Commit(s)
- `2cdbadee1f8fcaa93302d7debbfc529e19868ea4`
### Release Process Note
`patched_versions` is pre-set to the planned next release (`2026.2.21`). Once that npm release is published, this advisory is ready to publish without further content edits.
OpenClaw thanks @tdjackey for reporting.
Severity: 8.6 (CVSS 4.0, GHSA)
Vulnerability type: CWE-15 (External Control of System or Configuration Setting)
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026