CVE-2026-44995

high

Published 2026-05-11 · Modified 2026-05-19

CVSS v3

7.3

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

CVSS v2

—

VIR risk

7.3

Description

OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config

Predictions

Exploit likelihood

72%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: disclosure@vulncheck.com — https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables

vendor Authored 2026-05-27

Vendor advisory: disclosure@vulncheck.com — https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af

Package impact

Ecosystem	Package	Vulnerable	Fixed
npm	openclaw	`<2026.4.20`	`2026.4.20`
NPM	openclaw	`< 2026.4.20`	`2026.4.20`

Application impact

Vendor	Product	Versions	Fixed
openclaw	openclaw	`{"endExcluding":"2026.4.20"}`	`2026.4.20`

References

https://github.com/openclaw/openclaw/commit/62fa5071896e95edc7f67d1cebc70a2859e283af
https://github.com/openclaw/openclaw/commit/85d86ebc4bf3d2226d39d132a484f4f7a299fa1b
https://github.com/openclaw/openclaw/security/advisories/GHSA-mj59-h3q9-ghfh
https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-mcp-stdio-environment-variables
https://nvd.nist.gov/vuln/detail/CVE-2026-44995
https://github.com/openclaw/openclaw
https://github.com/advisories/GHSA-mj59-h3q9-ghfh

CWEs

CWE-829

Verify integrity in audit chain (admin only). AS-IS.