CVE-2026-45003 PUBLISHED

OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files

Assigner: VulnCheck
Reserved: 08.05.2026 Published: 11.05.2026 Updated: 11.05.2026

OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.

Metrics

CVSS Vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
CVSS Score: 4.1

Product Status

Vendor OpenClaw
Product OpenClaw
Versions Default: unaffected
  • affected from 0 to 2026.4.22 (excl.)
  • Version 2026.4.22 is unaffected

Credits

  • Qi Deng (@qi-scape) reporter

References

Problem Types

  • Unintended Proxy or Intermediary ('Confused Deputy') CWE