GHSA-xgf2-vxv2-rrmg

Source

https://github.com/advisories/GHSA-xgf2-vxv2-rrmg

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-xgf2-vxv2-rrmg/GHSA-xgf2-vxv2-rrmg.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-xgf2-vxv2-rrmg

Downstream

MINI-vx2x-wg4f-xjjc

Published

2026-03-03T22:12:51Z

Modified

2026-03-04T15:17:08.341595Z

Severity

7.3 (High) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator

Summary

OpenClaw's shell startup env injection bypasses system.run allowlist intent (RCE class)

Details

Summary

system.run environment sanitization allowed shell-startup env overrides (HOME, ZDOTDIR) that can execute attacker-controlled startup files before allowlist-evaluated command bodies.

Affected Packages / Versions

Package: openclaw (npm)
Affected: <= 2026.2.21-2 (latest published vulnerable version)
Planned patched version: >= 2026.2.22

Technical Details

In affected versions: - Env sanitization blocked many dangerous keys, but not startup-sensitive override keys (HOME, ZDOTDIR) in host exec env paths. - Shell-wrapper analysis for allowlist mode models command bodies, but not shell startup side effects. - Runtime execution used sanitized env, so attacker-provided startup-key overrides could run hidden startup payloads first.

Observed exploit vectors: - HOME + bash -lc + malicious .bash_profile - ZDOTDIR + zsh -c + malicious .zshenv

Fix Commit(s)

c2c7114ed39a547ab6276e1e933029b9530ee906

Release Process Note

patched_versions is pre-set to the planned next release (>= 2026.2.22). After the npm release is published, this advisory can be published directly.

OpenClaw thanks @tdjackey for reporting.

Database specific

{
    "github_reviewed_at": "2026-03-03T22:12:51Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-15",
        "CWE-78"
    ],
    "nvd_published_at": null,
    "severity": "HIGH"
}

References

Affected packages

npm / openclaw

Package

Name: openclaw; View open source insights on deps.dev
Purl: pkg:npm/openclaw

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2026.2.22

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-xgf2-vxv2-rrmg/GHSA-xgf2-vxv2-rrmg.json"