VDB
KO
MEDIUM

GHSA-98ch-45wp-ch47

OpenClaw: Windows-compatible env override keys could bypass system.run approval binding

Details

## Summary

Before OpenClaw 2026.4.2, system-run approval binding normalized environment override keys differently from host execution. Windows-compatible keys could be omitted from the approval binding while still being injected at execution time.

## Impact

An approved command could run with attacker-chosen environment overrides that were not represented in the approval binding. This created an approval-integrity gap for affected host-exec flows.

## Affected Packages / Versions

- Package: `openclaw` (npm) - Affected versions: `<= 2026.4.1` - Patched versions: `>= 2026.4.2` - Latest published npm version: `2026.4.1`

## Fix Commit(s)

- `7eb094a00d80e9f6bf0e62f2c45d3b88ff67c04d` — align approval binding with execution-time env-key normalization

## Release Process Note

The fix is present on `main` and is staged for OpenClaw `2026.4.2`. Publish this advisory after the `2026.4.2` npm release is live.

Thanks @iskindar for reporting, and thanks @wsparks-vc for coordination.

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / openclaw
Introduced in: 0 Fixed in: 2026.4.2
Fix npm install openclaw@2026.4.2

References