OpenClaw: Untrusted Model Can Hijack Compiler Binaries
GHSA-g8xp-qx39-9jq9
Summary
A security flaw in OpenClaw's host environment policy allows an untrusted model to substitute critical compiler binaries through environment overrides on approved host exec requests, which could lead to malicious code being executed. This issue affects versions of OpenClaw up to and including 2026.3.28 and is fixed in version 2026.3.31 and later. Update to the latest version of OpenClaw to protect against this vulnerability.
What to do
- Update openclaw to version 2026.3.31.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.3.28 | 2026.3.31 |
Original title
OpenClaw: Incomplete host-env-security-policy allows untrusted model to substitute compiler binaries via env overrides
Original description
## Summary
An incomplete `host-env-security-policy.json` allows an untrusted model to substitute compiler binaries (`CC`, `CXX`, `CARGO_BUILD_RUSTC`, `CMAKE_C_COMPILER`) via env overrides on approved host exec requests.
## Current Maintainer Triage
- Status: narrow
- Normalized severity: medium
- Assessment: Shipped v2026.3.28 host-env policy missed compiler override vars, but exploitation still requires an approved host-exec request inside the existing exec trust domain, so medium not high.
## Affected Packages / Versions
- Package: `openclaw` (npm)
- Latest published npm version: `2026.3.31`
- Vulnerable version range: `<=2026.3.28`
- Patched versions: `>= 2026.3.31`
- First stable tag containing the fix: `v2026.3.31`
## Fix Commit(s)
- `e277a37f896b5011a1df06e6490c6630074d0afa` — 2026-03-30T20:06:32+01:00
OpenClaw thanks @tdjackey for reporting.
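The gap described above, as an added illustration that is not OpenClaw's own code: it audits a blocklist-style policy for the four compiler override variables named in the advisory and filters a request's env overrides against it. The `blockedKeys` policy shape, the function names and the sample values are assumptions; the real schema of `host-env-security-policy.json` is not shown on this page.

```javascript
// Added example, not OpenClaw's code. The policy shape ({ blockedKeys: [...] })
// is a hypothetical stand-in for host-env-security-policy.json.

// Compiler-selection variables named in the advisory.
const COMPILER_OVERRIDE_VARS = ["CC", "CXX", "CARGO_BUILD_RUSTC", "CMAKE_C_COMPILER"];

// Normalize names so "cc" and "CC" compare equal (Windows env names are
// case-insensitive, and a case-sensitive blocklist is easy to sidestep there).
const norm = (name) => String(name).trim().toUpperCase();

const blockedSet = (policy) => new Set((policy.blockedKeys || []).map(norm));

// Audit: which of the advisory's variables does this policy fail to block?
function missingFromPolicy(policy) {
  const blocked = blockedSet(policy);
  return COMPILER_OVERRIDE_VARS.filter((v) => !blocked.has(v));
}

// Enforcement: split a request's env overrides into passed-on and rejected keys.
function filterEnvOverrides(policy, overrides) {
  const blocked = blockedSet(policy);
  const allowed = {};
  const rejected = [];
  for (const [key, value] of Object.entries(overrides || {})) {
    if (blocked.has(norm(key))) rejected.push(key);
    else allowed[key] = value;
  }
  return { allowed, rejected };
}

// Constructed sample data: a policy that omits the compiler variables,
// the same policy with them added, and one host exec request's env overrides.
const incompletePolicy = { blockedKeys: ["LD_PRELOAD", "NODE_OPTIONS"] };
const completedPolicy = {
  blockedKeys: [...incompletePolicy.blockedKeys, ...COMPILER_OVERRIDE_VARS],
};
const requestEnv = { CC: "/opt/example/cc", cxx: "/opt/example/c++", RUST_LOG: "debug" };

console.log("missing from policy:", missingFromPolicy(incompletePolicy));
console.log("rejected (incomplete):", filterEnvOverrides(incompletePolicy, requestEnv).rejected);
console.log("rejected (completed):", filterEnvOverrides(completedPolicy, requestEnv).rejected);
```

A blocklist only covers the names someone thought to list, which is the failure this advisory records; an audit like `missingFromPolicy` can run in CI against the shipped policy file.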
ghsa CVSS4.0
7.3
Vulnerability type
CWE-427
Uncontrolled Search Path Element
Published: 3 Apr 2026 · Updated: 3 Apr 2026 · First seen: 3 Apr 2026