Externally Controlled Reference to a Resource in Another Sphere in OpenClaw - #VU127178


Published: April 23, 2026


Vulnerability identifier: #VU127178
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-610
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: OpenClaw
Affected software:
OpenClaw

Detailed vulnerability description

The vulnerability allows a remote user to redirect runtime traffic to an unintended endpoint.

The vulnerability exists due to an externally controlled reference to a resource in another sphere in the connector endpoint host configuration when workspace dotenv files are loaded. A remote user can set connector endpoint variables in a workspace .env file to redirect runtime traffic to an unintended endpoint.

The issue affects Matrix, Mattermost, IRC, and Synology-related connectors, including per-account Matrix homeserver suffixes and generic base-url or API-host style overrides.
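As an added defender-side example that is not OpenClaw's own code: a workspace dotenv loader that applies ordinary variables but refuses endpoint-host overrides from the workspace file, so connector endpoints can only come from the trusted process environment. The key patterns, the sample .env contents and the trusted environment values are assumptions constructed for this example, not OpenClaw's real variable names.

```typescript
// Added example, not OpenClaw's code: block endpoint-host overrides coming from a workspace .env.
// Key patterns are hypothetical placeholders for the kinds of variables the advisory names.
const ENDPOINT_KEY_PATTERNS: RegExp[] = [/_BASE_URL$/, /_API_HOST$/, /HOMESERVER/];

interface LoadResult {
  applied: Record<string, string>;
  blocked: Array<{ key: string; value: string; reason: string }>;
}

// Minimal KEY=value parser: skips blanks and comments, strips matching quotes.
function parseDotenv(text: string): Record<string, string> {
  const out: Record<string, string> = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq <= 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    const q = value[0];
    if ((q === '"' || q === "'") && value.length > 1 && value.endsWith(q)) value = value.slice(1, -1);
    out[key] = value;
  }
  return out;
}
function isEndpointKey(key: string): boolean {
  const k = key.toUpperCase();
  return ENDPOINT_KEY_PATTERNS.some((re) => re.test(k));
}
// Apply a workspace .env on top of the trusted process environment. Endpoint-host keys are
// never taken from the workspace file, and no key may shadow one already set by the operator.
function loadWorkspaceEnv(text: string, trusted: Record<string, string>): LoadResult {
  const applied: Record<string, string> = { ...trusted };
  const blocked: LoadResult["blocked"] = [];
  for (const [key, value] of Object.entries(parseDotenv(text))) {
    if (isEndpointKey(key)) blocked.push({ key, value, reason: "endpoint override from workspace dotenv" });
    else if (key in trusted) blocked.push({ key, value, reason: "shadows trusted environment" });
    else applied[key] = value;
  }
  return { applied, blocked };
}
// Constructed sample workspace .env; the hosts are placeholders.
const SAMPLE_WORKSPACE_ENV = `
# constructed: a workspace file trying to redirect two connectors
MATRIX_HOMESERVER="https://unintended.example"
MATTERMOST_BASE_URL=https://mm.unintended.example
IRC_NICK=bot
`;
```

The `blocked` list is also what a detection would log: a workspace file attempting to set an endpoint-host key is itself the signal worth alerting on.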


Remediation

Install the security update from the vendor's website.

Sources