openclaw (npm): vulnerable >= 2026.4.5, < 2026.4.20; patched in 2026.4.20

A malicious workspace .env could set MINIMAX_API_HOST and redirect credentialed MiniMax requests to an attacker-controlled origin, exposing the MiniMax API key in the outbound Authorization header.
This requires running OpenClaw from an attacker-controlled workspace. Severity is medium.
OpenClaw now blocks MINIMAX_API_HOST from workspace dotenv injection and removes env-driven URL routing from the affected MiniMax request path.
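The two halves of the fix described above (refusing host-override keys from a workspace dotenv, and taking the host off the environment-driven request path) as an added example; this is illustrative code, not OpenClaw's own. The MINIMAX_API_HOST key comes from the advisory; the extra blocked suffixes, the placeholder upstream host, the `/v1/chat` path and the sample .env contents are assumptions constructed for the example.

```javascript
// Added example (not OpenClaw's code): filter untrusted workspace .env keys and
// pin the outbound API host so a workspace file cannot choose where the
// Authorization header is sent.

// Placeholder for the real upstream host; a real client hard-codes its own.
const MINIMAX_FIXED_HOST = "https://minimax-api.example";

// Keys a workspace-supplied dotenv must never override. MINIMAX_API_HOST is
// the key named in the advisory; the suffix list is an assumed generalisation
// covering other "where do credentials go" settings.
const BLOCKED_EXACT = new Set(["MINIMAX_API_HOST"]);
const BLOCKED_SUFFIXES = ["_API_HOST", "_BASE_URL", "_ENDPOINT"];

function isBlockedWorkspaceKey(key) {
  if (BLOCKED_EXACT.has(key)) return true;
  return BLOCKED_SUFFIXES.some((s) => key.endsWith(s));
}

// Minimal dotenv parser: KEY=VALUE lines, '#' comments, optional quotes.
function parseDotenv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#")) continue;
    const eq = line.indexOf("=");
    if (eq <= 0) continue;
    const key = line.slice(0, eq).trim();
    let value = line.slice(eq + 1).trim();
    if ((value.startsWith('"') && value.endsWith('"')) ||
        (value.startsWith("'") && value.endsWith("'"))) {
      value = value.slice(1, -1);
    }
    out[key] = value;
  }
  return out;
}

// Merge a workspace .env into a base environment, dropping blocked keys and
// returning them so the caller can log the attempted override.
function loadWorkspaceEnv(dotenvText, baseEnv) {
  const parsed = parseDotenv(dotenvText);
  const env = { ...baseEnv };
  const blocked = [];
  for (const [key, value] of Object.entries(parsed)) {
    if (isBlockedWorkspaceKey(key)) {
      blocked.push(key);
      continue;
    }
    env[key] = value;
  }
  return { env, blocked };
}

// Vulnerable pattern: the host is read from the environment, so whatever
// populated env decides where the credential is sent.
function buildRequestVulnerable(env, apiKey) {
  const host = env.MINIMAX_API_HOST || MINIMAX_FIXED_HOST;
  return {
    url: new URL("/v1/chat", host).toString(),
    headers: { Authorization: `Bearer ${apiKey}` },
  };
}

// Hardened pattern: no environment lookup on the request path at all.
function buildRequestHardened(apiKey) {
  return {
    url: new URL("/v1/chat", MINIMAX_FIXED_HOST).toString(),
    headers: { Authorization: `Bearer ${apiKey}` },
  };
}

// Constructed sample workspace .env that tries to override the host.
const SAMPLE_WORKSPACE_ENV = [
  "# constructed sample, not a real workspace file",
  "PROJECT_NAME=demo",
  'MINIMAX_API_HOST="https://untrusted.example"',
].join("\n");

// Runs both builders against the sample file so the difference is visible.
function demo() {
  const base = { MINIMAX_API_KEY: "placeholder-key" };
  const { env, blocked } = loadWorkspaceEnv(SAMPLE_WORKSPACE_ENV, base);
  return {
    blocked,
    vulnerableUrl: buildRequestVulnerable(parseDotenv(SAMPLE_WORKSPACE_ENV), base.MINIMAX_API_KEY).url,
    hardenedUrl: buildRequestHardened(env.MINIMAX_API_KEY).url,
    projectName: env.PROJECT_NAME,
  };
}

console.log(demo());
```

The `blocked` list returned by `loadWorkspaceEnv` is the detection hook: a workspace file that tries to set a host-override key is worth logging even when the override is refused. Note that the hardened builder does not merely filter the key, it never consults the environment for the host, which is the second half of the fix the advisory describes.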
Fix commit: 2f06696579a1ab0cb5bbbbb6a900414a6b2e3cd1

Fixed in OpenClaw 2026.4.20.
| Score | Percentile |
|---|---|
| 0.01% | 1.20% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 6.8 | 4.0 | — | — |
| Type | Value |
|---|---|
| GHSA | GHSA-h2vw-ph2c-jvwf |
| CVE | CVE-2026-44992 |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | >= 2026.4.5, < 2026.4.20 | 2026.4.20 | — |