OpenClaw Misses Important Security Settings for Docker and Git
GHSA-9gp8-hjxr-6f34
Summary
In OpenClaw versions up to 2026.3.28, the environment-variable policy applied to host exec (commands OpenClaw runs on the host) did not cover proxy, TLS, Docker, or Git TLS variables, so a caller could override them when launching a command. Those are the variables that decide where a child process sends its traffic, whether it verifies certificates, and which Docker daemon or Git TLS settings it uses, which is why the advisory rates the impact as potential exposure of sensitive data. The fix ships in version 2026.3.31; if you use OpenClaw, update so that the host exec policy enforces these controls.
What to do
- Update openclaw to version 2026.3.31 or later.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.28 | 2026.3.31 |
Original title
OpenClaw: Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls
Original description
## Summary
Host exec environment overrides miss proxy, TLS, Docker, and Git TLS controls
## Current Maintainer Triage
- Status: open
- Normalized severity: medium
- Assessment: Real in shipped v2026.3.28: the host exec env policy still missed proxy, TLS, Docker, and Git TLS variables until 4d912e0451 on 2026-03-31; maintainers have already accepted it and the fix is unreleased.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
## Fix Commit(s)
- `4d912e04519b4bd53b248437c53748cdebce9a41` — 2026-03-31T21:25:36+09:00
OpenClaw thanks @AntAISecurityLab for reporting.
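To make the gap concrete, here is an added example of an environment policy for a host exec, written for this page and not taken from OpenClaw's code base. The advisory only says that the shipped policy "missed proxy, TLS, Docker, and Git TLS variables"; the concrete variable names grouped below, the `INCOMPLETE_POLICY` / `HARDENED_POLICY` names, and the `buildExecEnv` function are this example's assumptions about what such a policy should cover. The constructed override set mixes a harmless variable with the kind of overrides the four missing groups would let through.

```javascript
// Added example, not OpenClaw's code. The advisory says only that the shipped host exec
// environment policy "missed proxy, TLS, Docker, and Git TLS variables"; the variable
// names grouped below are this example's assumption of what each group should cover.

// Each group names environment variables that let a caller redirect a child process's
// network traffic, disable peer verification, or point a tool at a different daemon.
const PROXY_VARS = ['HTTP_PROXY', 'HTTPS_PROXY', 'ALL_PROXY', 'NO_PROXY', 'FTP_PROXY'];
const TLS_VARS = ['SSL_CERT_FILE', 'SSL_CERT_DIR', 'NODE_EXTRA_CA_CERTS',
  'NODE_TLS_REJECT_UNAUTHORIZED', 'CURL_CA_BUNDLE', 'REQUESTS_CA_BUNDLE'];
const DOCKER_VARS = ['DOCKER_HOST', 'DOCKER_TLS_VERIFY', 'DOCKER_CERT_PATH',
  'DOCKER_CONTEXT', 'DOCKER_CONFIG'];
const GIT_TLS_VARS = ['GIT_SSL_NO_VERIFY', 'GIT_SSL_CAINFO', 'GIT_SSL_CAPATH',
  'GIT_SSL_CERT', 'GIT_SSL_KEY'];
// Loader and lookup controls that an exec policy should block regardless.
const LOADER_VARS = ['PATH', 'LD_PRELOAD', 'LD_LIBRARY_PATH', 'DYLD_INSERT_LIBRARIES',
  'NODE_OPTIONS'];

// Shape of the shipped policy as the advisory describes it: loader-style variables
// blocked, the four network-facing groups not covered at all.
const INCOMPLETE_POLICY = new Set(LOADER_VARS);
// Hardened policy: the four groups the fix covers, plus the loader group.
const HARDENED_POLICY = new Set([
  ...LOADER_VARS, ...PROXY_VARS, ...TLS_VARS, ...DOCKER_VARS, ...GIT_TLS_VARS,
]);

// Match case-insensitively: curl and friends honor lowercase http_proxy, and Windows
// environment names are case-insensitive, so a policy keyed on exact names is bypassable.
function isBlocked(name, policy) {
  return policy.has(name.toUpperCase());
}

// Build the environment for a host exec from a trusted base and untrusted overrides.
// Overrides that hit the policy are dropped and reported instead of being applied.
function buildExecEnv(baseEnv, overrides, policy) {
  const env = { ...baseEnv };
  const rejected = [];
  for (const [name, value] of Object.entries(overrides)) {
    if (isBlocked(name, policy)) {
      rejected.push(name);
      continue;
    }
    env[name] = String(value);
  }
  return { env, rejected: rejected.sort() };
}

// Constructed sample input: a trusted base env and an override set of the kind a caller
// could hand to a host exec, mixing one harmless variable with overrides that would
// redirect traffic, turn off verification, or retarget Docker and Git.
const BASE_ENV = { HOME: '/home/agent', PATH: '/usr/bin:/bin' };
const SAMPLE_OVERRIDES = {
  TASK_ID: '42',
  https_proxy: 'http://192.0.2.10:8080',
  NODE_TLS_REJECT_UNAUTHORIZED: '0',
  DOCKER_HOST: 'tcp://192.0.2.10:2375',
  GIT_SSL_NO_VERIFY: 'true',
  LD_PRELOAD: '/tmp/x.so',
};

// Run the same overrides through both policies so the difference is visible.
function compare() {
  return {
    incomplete: buildExecEnv(BASE_ENV, SAMPLE_OVERRIDES, INCOMPLETE_POLICY),
    hardened: buildExecEnv(BASE_ENV, SAMPLE_OVERRIDES, HARDENED_POLICY),
  };
}

console.log(JSON.stringify(compare(), null, 2));
```

With the incomplete policy only `LD_PRELOAD` is refused and the proxy, TLS, Docker and Git overrides all reach the child process; with the hardened policy every one of them is dropped and only `TASK_ID` is added to the base environment. Two caveats a reviewer would raise: a denylist like this only covers names you thought of, so an allowlist of variables a host exec may legitimately receive is the stronger design; and the same controls can be set through channels the environment filter never sees, such as `git -c http.sslVerify=false` or a tool's own config file, so argument and config handling need the same scrutiny.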
CVSS 4.0 (GHSA): 4.8
Vulnerability type
CWE-269: Improper Privilege Management
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026