GHSA-mj59-h3q9-ghfh
Suggest an improvement- Source
- https://github.com/advisories/GHSA-mj59-h3q9-ghfh
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/04/GHSA-mj59-h3q9-ghfh/GHSA-mj59-h3q9-ghfh.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-mj59-h3q9-ghfh
- Aliases
-
- CVE-2026-44995
- Downstream
- Published
- 2026-04-25T23:48:03Z
- Modified
- 2026-05-19T16:00:13.193904133Z
- Severity
-
- 5.4 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config
- Details
-
Affected Packages / Versions
- Package:
openclaw(npm) - Affected versions:
< 2026.4.20 - Patched version:
2026.4.20
Impact
Workspace MCP stdio configuration could pass dangerous process-startup environment variables such as
NODE_OPTIONS,LD_PRELOAD, orBASH_ENVto the spawned MCP server process. In a malicious workspace, this could make the MCP child load attacker-controlled code when the operator starts a session that uses that MCP server.The impact is limited to local/workspace trust boundaries and requires the operator to run OpenClaw in a workspace containing the malicious MCP configuration. Severity is therefore medium, not high/critical.
Fix
OpenClaw now filters MCP stdio environment entries through the host environment safety denylist before spawning stdio MCP servers.
Fix commits:
62fa5071896e95edc7f67d1cebc70a2859e283af85d86ebc4bf3d2226d39d132a484f4f7a299fa1b
Release
Fixed in OpenClaw
2026.4.20. - Package:
- Database specific
{ "github_reviewed_at": "2026-04-25T23:48:03Z", "nvd_published_at": null, "cwe_ids": [ "CWE-427", "CWE-454", "CWE-829" ], "severity": "MODERATE", "github_reviewed": true }- References
-
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh
- https://nvd.nist.gov/vuln/detail/CVE-2026-44995
- https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af
- https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b
- https://github.com/openclaw/openclaw
- https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables
Affected packages
npm / openclaw
Package
- Name
- openclaw
- View open source insights on deps.dev
- Purl
- pkg:npm/openclaw