#VU125184 External Control of System or Configuration Setting in OpenClaw

 


Published: April 8, 2026


Vulnerability identifier: #VU125184
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-15
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
OpenClaw
Software vendor:
OpenClaw

Description

The vulnerability allows a remote user to alter environment settings for host command execution.

The vulnerability exists due to external control of a system or configuration setting in the gateway's host exec environment override handling when it processes environment override keys. A remote user can supply blocked or malformed override keys to alter environment settings for host command execution.
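
The kind of check this weakness class (CWE-15) calls for, as an added example that is not OpenClaw's code or its fix: every override key is validated for shape and compared case-folded against a blocklist before it reaches the child process environment. The blocklist contents, the function names and the fail-closed policy are assumptions made for illustration.

```javascript
// Added example: shape check plus name blocklist for environment overrides.
// Blocklist, names and fail-closed policy are assumptions, not OpenClaw's.
const BLOCKED_NAMES = new Set(["PATH", "IFS", "ENV", "BASH_ENV", "NODE_OPTIONS"]);
const BLOCKED_PREFIXES = ["LD_", "DYLD_"]; // dynamic loader controls

// Portable variable name: no "=", NUL, whitespace, empty name or leading digit.
const NAME_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Returns a rejection reason, or null when the override is acceptable.
function checkOverride(key, value) {
  if (!NAME_RE.test(key)) return "malformed key";
  if (typeof value !== "string" || value.includes("\0")) return "malformed value";
  // Compare case-folded: Windows treats names case-insensitively, and a
  // list that only matches "PATH" would let "Path" through.
  const folded = key.toUpperCase();
  if (BLOCKED_NAMES.has(folded)) return "blocked key";
  if (BLOCKED_PREFIXES.some((p) => folded.startsWith(p))) return "blocked key";
  return null;
}

// Fail closed: if any override is rejected, none of them are applied.
function applyEnvOverrides(baseEnv, overrides) {
  const rejected = [];
  for (const [key, value] of Object.entries(overrides)) {
    const reason = checkOverride(key, value);
    if (reason) rejected.push({ key, reason });
  }
  // Null-prototype object so a key such as "__proto__" is stored as plain data.
  const env = Object.assign(Object.create(null), baseEnv);
  if (rejected.length === 0) Object.assign(env, overrides);
  return { ok: rejected.length === 0, env, rejected };
}

// Constructed sample request body, not captured from a real gateway.
const sample = JSON.parse(
  '{"APP_MODE":"test","ld_preload":"x","A=B":"1","":"x","Path":"/tmp"}'
);

function demo() {
  return applyEnvOverrides({ PATH: "/usr/bin", LANG: "C" }, sample);
}
```

Logging the `rejected` list gives defenders a record of callers that attempt blocked or malformed keys.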


Remediation

Install the security update from the vendor's website.

External links