applySkillConfigEnvOverrides previously copied skills.entries.*.env values into the host process.env without applying the host env safety policy.
In affected versions, dangerous process-level variables such as NODE_OPTIONS could be injected when unset, which can influence runtime/child-process behavior.
An attacker must be able to modify OpenClaw local state/config (for example ~/.openclaw/openclaw.json) to set skills.entries.<skill>.env or related skill config values.
Fixed in 2026.2.21 by sanitizing skill env overrides and blocking dangerous host env keys (including NODE_OPTIONS) before applying overrides, with regression tests covering blocked dangerous keys.
8c9f35cdb51692b650ddf05b259ccdd75cc9a83cFound using MCPwner
| Score | Percentile |
|---|---|
| 0.10% | 27.72% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 5.1 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-82g8-464f-2mv7 ↗ |
| CVE | CVE-2026-4039 ↗ |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | < 2026.2.21 | 2026.2.21 | — |