Common Weakness Enumeration

CWE-15

Allowed

External Control of System or Configuration Setting

Abstraction: Base · Status: Incomplete

One or more system settings or configuration elements can be externally controlled by a user.

136 vulnerabilities reference this CWE, most recent first.

GHSA-6G3P-Q5XV-HQ72

Vulnerability from github – Published: 2024-12-05 15:31 – Updated: 2024-12-05 15:31
VLAI
Details

Service Control vulnerabilities allow access to service restart requests and vm configuration settings.  Affected products:

ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-51544"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-12-05T13:15:07Z",
    "severity": "HIGH"
  },
  "details": "Service Control vulnerabilities allow access to service restart requests and vm configuration settings.\u00a0\nAffected products:\n\n\nABB ASPECT - Enterprise v3.08.02; \nNEXUS Series v3.08.02; \nMATRIX Series v3.08.02",
  "id": "GHSA-6g3p-q5xv-hq72",
  "modified": "2024-12-05T15:31:02Z",
  "published": "2024-12-05T15:31:02Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-51544"
    },
    {
      "type": "WEB",
      "url": "https://search.abb.com/library/Download.aspx?DocumentID=9AKK108469A7497\u0026LanguageCode=en\u0026DocumentPartId=\u0026Action=Launch"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-6GR5-F9V8-MMJP

Vulnerability from github – Published: 2023-11-08 12:30 – Updated: 2024-09-04 18:30
VLAI
Details

Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-46764"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-08T10:15:09Z",
    "severity": "MODERATE"
  },
  "details": "Unauthorized startup vulnerability of background apps. Successful exploitation of this vulnerability may cause background apps to start maliciously.",
  "id": "GHSA-6gr5-f9v8-mmjp",
  "modified": "2024-09-04T18:30:47Z",
  "published": "2023-11-08T12:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46764"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2023/11"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-202311-0000001729189597"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6PGC-3W24-9RCW

Vulnerability from github – Published: 2023-09-28 21:30 – Updated: 2024-04-04 07:57
VLAI
Details

mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-43323"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-09-28T20:15:11Z",
    "severity": "MODERATE"
  },
  "details": "mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends a HTTP and DNS request to external server. The Parameters effected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].",
  "id": "GHSA-6pgc-3w24-9rcw",
  "modified": "2024-04-04T07:57:26Z",
  "published": "2023-09-28T21:30:58Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-43323"
    },
    {
      "type": "WEB",
      "url": "https://github.com/ahrixia/CVE-2023-43323"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-6XC3-9629-W8H2

Vulnerability from github – Published: 2022-10-14 19:00 – Updated: 2025-05-14 15:31
VLAI
Details

The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-41582"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-10-14T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "The security module has configuration defects.Successful exploitation of this vulnerability may affect system availability.",
  "id": "GHSA-6xc3-9629-w8h2",
  "modified": "2025-05-14T15:31:30Z",
  "published": "2022-10-14T19:00:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41582"
    },
    {
      "type": "WEB",
      "url": "https://consumer.huawei.com/en/support/bulletin/2022/10"
    },
    {
      "type": "WEB",
      "url": "https://device.harmonyos.com/en/docs/security/update/security-bulletins-phones-202210-0000001416095697"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-7RC8-5C8Q-JR6J

Vulnerability from github – Published: 2025-10-20 20:08 – Updated: 2026-06-08 19:50
VLAI
Summary
Taguette password reset link poisoning
Details

Impact

An issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim.

Patches

Users should upgrade to Taguette 1.5.0.

References

  • https://gitlab.com/remram44/taguette/-/issues/331
Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "taguette"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.5.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-62527"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-20T20:08:45Z",
    "nvd_published_at": "2025-10-20T20:15:37Z",
    "severity": "HIGH"
  },
  "details": "### Impact\nAn issue has been discovered in Taguette versions prior to 1.5.0. It was possible for an attacker to request password reset email containing a malicious link, allowing the attacker to set the email if clicked by the victim.\n\n### Patches\nUsers should upgrade to Taguette 1.5.0.\n\n### References\n- https://gitlab.com/remram44/taguette/-/issues/331",
  "id": "GHSA-7rc8-5c8q-jr6j",
  "modified": "2026-06-08T19:50:30Z",
  "published": "2025-10-20T20:08:45Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/remram44/taguette/security/advisories/GHSA-7rc8-5c8q-jr6j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62527"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/taguette/PYSEC-2025-187.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/remram44/taguette"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/remram44/taguette/-/issues/331"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Taguette password reset link poisoning"
}

GHSA-7WV2-2269-6GJ4

Vulnerability from github – Published: 2025-01-22 21:30 – Updated: 2025-01-22 21:30
VLAI
Details

For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-11166"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-01-22T19:15:09Z",
    "severity": "HIGH"
  },
  "details": "For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition.",
  "id": "GHSA-7wv2-2269-6gj4",
  "modified": "2025-01-22T21:30:57Z",
  "published": "2025-01-22T21:30:57Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11166"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-021-01"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-7WV4-CC7P-JHXC

Vulnerability from github – Published: 2026-04-17 21:56 – Updated: 2026-05-08 21:48
VLAI
Summary
OpenClaw: Workspace .env could inject OpenClaw runtime-control variables
Details

Summary

Workspace .env could inject OpenClaw runtime-control variables.

Affected Packages / Versions

  • Package: openclaw
  • Ecosystem: npm
  • Affected versions: < 2026.4.9
  • Patched versions: >= 2026.4.9

Impact

A malicious workspace .env file could set OpenClaw runtime-control variables affecting update sources, gateway URLs, ClawHub resolution, browser executable paths, and related behavior.

Technical Details

The fix blocks OpenClaw runtime-control keys and key families from workspace .env loading.

Fix

The issue was fixed in #62660. The first stable tag containing the fix is v2026.4.9, and openclaw@2026.4.14 includes the fix.

Fix Commit(s)

  • dbfcef319618158fa40b31cdac386ea34c392c0c
  • PR: #62660

Release Process Note

Users should upgrade to openclaw 2026.4.9 or newer. The latest npm release, 2026.4.14, already includes the fix.

Credits

Thanks to @zsxsoft, with sponsorship from @KeenSecurityLab for reporting this issue.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.4.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-43531"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-04-17T21:56:12Z",
    "nvd_published_at": "2026-05-05T12:16:19Z",
    "severity": "MODERATE"
  },
  "details": "## Summary\n\nWorkspace .env could inject OpenClaw runtime-control variables.\n\n## Affected Packages / Versions\n\n- Package: `openclaw`\n- Ecosystem: npm\n- Affected versions: `\u003c 2026.4.9`\n- Patched versions: `\u003e= 2026.4.9`\n\n## Impact\n\nA malicious workspace `.env` file could set OpenClaw runtime-control variables affecting update sources, gateway URLs, ClawHub resolution, browser executable paths, and related behavior.\n\n## Technical Details\n\nThe fix blocks OpenClaw runtime-control keys and key families from workspace `.env` loading.\n\n## Fix\n\nThe issue was fixed in #62660. The first stable tag containing the fix is `v2026.4.9`, and `openclaw@2026.4.14` includes the fix.\n\n## Fix Commit(s)\n\n- `dbfcef319618158fa40b31cdac386ea34c392c0c`\n- PR: #62660\n\n## Release Process Note\n\nUsers should upgrade to `openclaw` 2026.4.9 or newer. The latest npm release, `2026.4.14`, already includes the fix.\n\n## Credits\n\nThanks to @zsxsoft, with sponsorship from @KeenSecurityLab for reporting this issue.",
  "id": "GHSA-7wv4-cc7p-jhxc",
  "modified": "2026-05-08T21:48:03Z",
  "published": "2026-04-17T21:56:12Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-7wv4-cc7p-jhxc"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43531"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/pull/62660"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/dbfcef319618158fa40b31cdac386ea34c392c0c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-workspace-env-file"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Workspace .env could inject OpenClaw runtime-control variables"
}

GHSA-823X-FV5P-H7HW

Vulnerability from github – Published: 2025-03-25 00:30 – Updated: 2025-11-03 21:33
VLAI
Summary
ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation
Details

A security issue was discovered in ingress-nginx where the auth-tls-match-cn Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/ingress-nginx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.11.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "k8s.io/ingress-nginx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.12.0-beta.0"
            },
            {
              "fixed": "1.12.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-1097"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15",
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-03-25T15:07:12Z",
    "nvd_published_at": "2025-03-25T00:15:13Z",
    "severity": "HIGH"
  },
  "details": "A security issue was discovered in [ingress-nginx](https://github.com/kubernetes/ingress-nginx) where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)",
  "id": "GHSA-823x-fv5p-h7hw",
  "modified": "2025-11-03T21:33:13Z",
  "published": "2025-03-25T00:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1097"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/kubernetes/issues/131007"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/kubernetes/ingress-nginx"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.11.5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kubernetes/ingress-nginx/releases/tag/controller-v1.12.1"
    },
    {
      "type": "WEB",
      "url": "https://groups.google.com/g/kubernetes-security-announce/c/2qa9DFtN0cQ"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250328-0008"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ngress-nginx controller - configuration injection via unsanitized auth-tls-match-cn annotation"
}

GHSA-82G8-464F-2MV7

Vulnerability from github – Published: 2026-02-27 21:36 – Updated: 2026-03-12 17:30
VLAI
Summary
OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)
Details

Summary

applySkillConfigEnvOverrides previously copied skills.entries.*.env values into the host process.env without applying the host env safety policy.

Impact

In affected versions, dangerous process-level variables such as NODE_OPTIONS could be injected when unset, which can influence runtime/child-process behavior.

Required attacker capability

An attacker must be able to modify OpenClaw local state/config (for example ~/.openclaw/openclaw.json) to set skills.entries.<skill>.env or related skill config values.

Remediation

Fixed in 2026.2.21 by sanitizing skill env overrides and blocking dangerous host env keys (including NODE_OPTIONS) before applying overrides, with regression tests covering blocked dangerous keys.

Fix Commit(s)

  • 8c9f35cdb51692b650ddf05b259ccdd75cc9a83c

Found using MCPwner

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-4039"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-1341",
      "CWE-15",
      "CWE-94"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-02-27T21:36:17Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "### Summary\n`applySkillConfigEnvOverrides` previously copied `skills.entries.*.env` values into the host `process.env` without applying the host env safety policy.\n\n### Impact\nIn affected versions, dangerous process-level variables such as `NODE_OPTIONS` could be injected when unset, which can influence runtime/child-process behavior.\n\n### Required attacker capability\nAn attacker must be able to modify OpenClaw local state/config (for example `~/.openclaw/openclaw.json`) to set `skills.entries.\u003cskill\u003e.env` or related skill config values.\n\n### Remediation\nFixed in `2026.2.21` by sanitizing skill env overrides and blocking dangerous host env keys (including `NODE_OPTIONS`) before applying overrides, with regression tests covering blocked dangerous keys.\n\n## Fix Commit(s)\n- `8c9f35cdb51692b650ddf05b259ccdd75cc9a83c`\n\nFound using [MCPwner](https://github.com/Pigyon/MCPwner)",
  "id": "GHSA-82g8-464f-2mv7",
  "modified": "2026-03-12T17:30:21Z",
  "published": "2026-02-27T21:36:17Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-82g8-464f-2mv7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-4039"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/8c9f35cdb51692b650ddf05b259ccdd75cc9a83c"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/releases/tag/v2026.2.21"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)"
}

GHSA-8FMP-37RC-P5G7

Vulnerability from github – Published: 2026-03-03 19:53 – Updated: 2026-04-08 19:26
VLAI
Summary
OpenClaw's config env vars allowed startup env injection into service runtime
Details

Summary

OpenClaw allowed dangerous process-control environment variables from env.vars (for example NODE_OPTIONS, LD_*, DYLD_*) to flow into gateway service runtime environments, enabling startup-time code execution in the OpenClaw process context.

Details

collectConfigEnvVars() accepted unfiltered keys from config and those values were merged into the daemon install environment in buildGatewayInstallPlan(). Before the fix, startup-control variables were not blocked in this path.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Latest published affected version: 2026.2.19-2 (published February 19, 2026)
  • Affected range (structured): <=2026.2.19-2 || =2026.2.19
  • Patched version (pre-set for next release): >= 2026.2.21

Fix Commit(s)

  • 2cdbadee1f8fcaa93302d7debbfc529e19868ea4

Release Process Note

patched_versions is pre-set to the planned next release (2026.2.21). Once that npm release is published, this advisory is ready to publish without further content edits.

OpenClaw thanks @tdjackey for reporting.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "openclaw"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2026.2.21"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-22177"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-15"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-03-03T19:53:02Z",
    "nvd_published_at": "2026-03-18T02:16:21Z",
    "severity": "MODERATE"
  },
  "details": "### Summary\nOpenClaw allowed dangerous process-control environment variables from `env.vars` (for example `NODE_OPTIONS`, `LD_*`, `DYLD_*`) to flow into gateway service runtime environments, enabling startup-time code execution in the OpenClaw process context.\n\n### Details\n`collectConfigEnvVars()` accepted unfiltered keys from config and those values were merged into the daemon install environment in `buildGatewayInstallPlan()`. Before the fix, startup-control variables were not blocked in this path.\n\n### Affected Packages / Versions\n- Package: `openclaw` (npm)\n- Latest published affected version: `2026.2.19-2` (published February 19, 2026)\n- Affected range (structured): `\u003c=2026.2.19-2 || =2026.2.19`\n- Patched version (pre-set for next release): `\u003e= 2026.2.21`\n\n### Fix Commit(s)\n- `2cdbadee1f8fcaa93302d7debbfc529e19868ea4`\n\n### Release Process Note\n`patched_versions` is pre-set to the planned next release (`2026.2.21`). Once that npm release is published, this advisory is ready to publish without further content edits.\n\nOpenClaw thanks @tdjackey for reporting.",
  "id": "GHSA-8fmp-37rc-p5g7",
  "modified": "2026-04-08T19:26:19Z",
  "published": "2026-03-03T19:53:02Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-8fmp-37rc-p5g7"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-w9j9-w4cp-6wgr"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-22177"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openclaw/openclaw/commit/2cdbadee1f8fcaa93302d7debbfc529e19868ea4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/openclaw/openclaw"
    },
    {
      "type": "WEB",
      "url": "https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-config-env-vars"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "OpenClaw\u0027s config env vars allowed startup env injection into service runtime"
}

Mitigation MIT-46
Architecture and Design

Strategy: Separation of Privilege

  • Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
  • Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation
Implementation Architecture and Design

Because setting manipulation covers a diverse set of functions, any attempt at illustrating it will inevitably be incomplete. Rather than searching for a tight-knit relationship between the functions addressed in the setting manipulation category, take a step back and consider the sorts of system values that an attacker should not be allowed to control.

Mitigation
Implementation Architecture and Design

In general, do not allow user-provided or otherwise untrusted data to control sensitive values. The leverage that an attacker gains by controlling these values is not always immediately obvious, but do not underestimate the creativity of the attacker.

CAPEC-13: Subverting Environment Variable Values

The adversary directly or indirectly modifies environment variables used by or controlling the target software. The adversary's goal is to cause the target software to deviate from its expected operation in a manner that benefits the adversary.

CAPEC-146: XML Schema Poisoning

An adversary corrupts or modifies the content of XML schema information passed between a client and server for the purpose of undermining the security of the target. XML Schemas provide the structure and content definitions for XML documents. Schema poisoning is the ability to manipulate a schema either by replacing or modifying it to compromise the programs that process documents that use this schema.

CAPEC-176: Configuration/Environment Manipulation

An attacker manipulates files or settings external to a target application which affect the behavior of that application. For example, many applications use external configuration files and libraries - modification of these entities or otherwise affecting the application's ability to use them would constitute a configuration/environment manipulation attack.

CAPEC-203: Manipulate Registry Information

An adversary exploits a weakness in authorization in order to modify content within a registry (e.g., Windows Registry, Mac plist, application registry). Editing registry information can permit the adversary to hide configuration information or remove indicators of compromise to cover up activity. Many applications utilize registries to store configuration and service information. As such, modification of registry information can affect individual services (affecting billing, authorization, or even allowing for identity spoofing) or the overall configuration of a targeted application. For example, both Java RMI and SOAP use registries to track available services. Changing registry values is sometimes a preliminary step towards completing another attack pattern, but given the long term usage of many registry values, manipulation of registry information could be its own end.

CAPEC-270: Modification of Registry Run Keys

An adversary adds a new entry to the "run keys" in the Windows registry so that an application of their choosing is executed when a user logs in. In this way, the adversary can get their executable to operate and run on the target system with the authorized user's level of permissions. This attack is a good way for an adversary to run persistent spyware on a user's machine, such as a keylogger.

CAPEC-271: Schema Poisoning

An adversary corrupts or modifies the content of a schema for the purpose of undermining the security of the target. Schemas provide the structure and content definitions for resources used by an application. By replacing or modifying a schema, the adversary can affect how the application handles or interprets a resource, often leading to possible denial of service, entering into an unexpected state, or recording incomplete data.

CAPEC-579: Replace Winlogon Helper DLL

Winlogon is a part of Windows that performs logon actions. In Windows systems prior to Windows Vista, a registry key can be modified that causes Winlogon to load a DLL on startup. Adversaries may take advantage of this feature to load adversarial code at startup.

CAPEC-69: Target Programs with Elevated Privileges

This attack targets programs running with elevated privileges. The adversary tries to leverage a vulnerability in the running program and get arbitrary code to execute with elevated privileges.

CAPEC-76: Manipulating Web Input to File System Calls

An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

CAPEC-77: Manipulating User-Controlled Variables

This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An adversary can override variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the adversary can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.