External Control of System or Configuration Setting in OpenClaw - #VU125184

 

External Control of System or Configuration Setting in OpenClaw - #VU125184

Published: April 8, 2026


Vulnerability identifier: #VU125184
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-15
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to alter environment settings for host command execution.

The vulnerability exists due to external control of system or configuration setting in gateway host exec environment override handling when processing environment override keys. A remote user can supply blocked or malformed override keys to alter environment settings for host command execution.


Remediation

Install security update from vendor's website.

Sources