GHSA-98ch-45wp-ch47
Suggest an improvement- Source
- https://github.com/advisories/GHSA-98ch-45wp-ch47
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-98ch-45wp-ch47/GHSA-98ch-45wp-ch47.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-98ch-45wp-ch47
- Downstream
- Published
- 2026-04-07T18:15:48Z
- Modified
- 2026-04-07T18:36:25.914035Z
- Severity
-
- 6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- OpenClaw: Windows-compatible env override keys could bypass system.run approval binding
- Details
-
Summary
Before OpenClaw 2026.4.2, system-run approval binding normalized environment override keys differently from host execution. Windows-compatible keys could be omitted from the approval binding while still being injected at execution time.
Impact
An approved command could run with attacker-chosen environment overrides that were not represented in the approval binding. This created an approval-integrity gap for affected host-exec flows.
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
<= 2026.4.1 - Patched versions:
>= 2026.4.2 - Latest published npm version:
2026.4.1
Fix Commit(s)
7eb094a00d80e9f6bf0e62f2c45d3b88ff67c04d— align approval binding with execution-time env-key normalization
Release Process Note
The fix is present on
mainand is staged for OpenClaw2026.4.2. Publish this advisory after the2026.4.2npm release is live.Thanks @iskindar for reporting, and thanks @wsparks-vc for coordination.
- Package:
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2026-04-07T18:15:48Z", "nvd_published_at": null, "severity": "MODERATE", "cwe_ids": [ "CWE-178" ] }- References
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw