GHSA-w9j9-w4cp-6wgr: OpenClaw Host-Exec Environment Variable Injection

April 9, 2026

OpenClaw Host-Exec Environment Variable Injection.

Host exec could inherit environment variables that influence interpreters, shells, or build tools.

OpenClaw is a user-controlled local assistant. This advisory is scoped to the OpenClaw trust model and does not assume a multi-tenant service boundary.

References

github.com/advisories/GHSA-w9j9-w4cp-6wgr
github.com/openclaw/openclaw
github.com/openclaw/openclaw/security/advisories/GHSA-w9j9-w4cp-6wgr

Code Behaviors & Features

Detect and mitigate GHSA-w9j9-w4cp-6wgr with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →