CVE-2026-44995 MEDIUM

CVE-2026-44995: OpenClaw < 2026.4.20 - Arbitrary Code Execution via MCP stdio Environment Variables

Vendor Openclaw
Product OpenClaw
Weakness CWE-829 · Inclusion from untrusted sphere
Published May 11, 2026
Last update May 11, 2026

CVSS base score

5.4/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Passive
Confidentiality High
Integrity High

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace configurations can pass dangerous startup variables like NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawned MCP server processes, enabling code injection when operators start sessions using those servers.
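As an added illustration of the missing check (example code, not OpenClaw's own): a validator that screens the `env` block of an MCP stdio server entry before the process is spawned, refusing the startup variables named above. All constant and function names (DANGEROUS_ENV_NAMES, validateMcpEnv, buildSpawnEnv) are assumptions.

```javascript
// Added example, not OpenClaw's code: screen the `env` block of an MCP stdio
// server entry before it reaches the spawned process. The names below
// (DANGEROUS_ENV_NAMES, DANGEROUS_ENV_PREFIXES, validateMcpEnv, buildSpawnEnv)
// are assumptions for illustration.

// Variables that change how a process starts, so a workspace-supplied value
// runs code regardless of the configured server command. Constructed and
// non-exhaustive: an allowlist of the names a server actually needs is stricter.
const DANGEROUS_ENV_NAMES = new Set([
  'NODE_OPTIONS', 'BASH_ENV', 'ENV',
  'PYTHONSTARTUP', 'PYTHONPATH', 'PERL5OPT', 'RUBYOPT',
]);
const DANGEROUS_ENV_PREFIXES = ['LD_', 'DYLD_'];
const ENV_NAME_RE = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Splits a config env object into the variables safe to pass on and the
// ones refused, each with the reason.
function validateMcpEnv(env) {
  const accepted = {};
  const rejected = [];
  for (const [name, value] of Object.entries(env ?? {})) {
    if (!ENV_NAME_RE.test(name)) {
      rejected.push({ name, reason: 'malformed variable name' });
    } else if (typeof value !== 'string' || value.includes('\0')) {
      rejected.push({ name, reason: 'value must be a NUL-free string' });
    } else if (DANGEROUS_ENV_NAMES.has(name) ||
               DANGEROUS_ENV_PREFIXES.some((p) => name.startsWith(p))) {
      rejected.push({ name, reason: 'process-startup variable' });
    } else {
      accepted[name] = value;
    }
  }
  return { accepted, rejected };
}

// Environment for child_process.spawn: a minimal base instead of the
// operator's whole process.env, plus the screened config variables. Refuses
// to start the server at all if the config tried to set a dangerous one.
function buildSpawnEnv(serverEntry, baseEnv = process.env) {
  const { accepted, rejected } = validateMcpEnv(serverEntry.env);
  if (rejected.length > 0) {
    const detail = rejected.map((r) => `${r.name} (${r.reason})`).join(', ');
    throw new Error(`refusing to start MCP server "${serverEntry.name}": ${detail}`);
  }
  return { PATH: baseEnv.PATH ?? '/usr/bin:/bin', ...accepted };
}
```

Rejecting the whole entry rather than silently dropping the offending variable makes a tampered workspace config visible to the operator instead of starting a partially configured server.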

Key dates

02 Disclosure timeline

May 11, 2026 CVE published
May 11, 2026 Record updated