What is CVE-2026-44995?

An environment variable injection vulnerability in OpenClaw MCP stdio server configuration before 2026.4.20 that allows arbitrary code execution via dangerous startup variables.

How does CVE-2026-44995 work?

Malicious workspace configurations can pass NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to spawned MCP server processes, enabling code injection when operators start sessions.

What is the impact of CVE-2026-44995?

Full arbitrary code execution on the host system through environment variable injection into MCP server processes.

How to mitigate CVE-2026-44995?

Update OpenClaw to 2026.4.20 or later. Review all MCP server configurations in shared workspaces.

Which MCP servers are affected by CVE-2026-44995?

All MCP stdio server processes spawned by OpenClaw before 2026.4.20 are vulnerable to environment variable injection.

← Back to dashboard

clawsmith.com/signal/cve-2026-44995-env-var-injection-mcp-stdio

⚠ IssueWide OpenLive

CVE-2026-44995: Environment Variable Injection in OpenClaw MCP Stdio Server Config

OpenClaw before 2026.4.20 fails to validate environment variables passed to MCP stdio server processes. Malicious workspace configurations can inject NODE_OPTIONS, LD_PRELOAD, or BASH_ENV to achieve arbitrary code execution.

Product Idea from this Signal

A CLI tool that scans a running OpenClaw instance for active CVEs, malicious skills, and supply chain tampering before they get exploited

807 ▲

OpenClaw has accumulated 433+ CVEs in five months including critical auth bypasses (CVSS 9.8), sandbox escapes, and nation-state supply chain attacks targeting the npm ecosystem. Most operators have no idea which CVEs affect their specific version, whether their installed skills contain backdoors, or if their dependency tree has been tampered with. This tool runs a comprehensive security audit against a live OpenClaw instance and outputs an actionable remediation plan.

CLIOPEN-SOURCESECURITYDEVTOOLAUDIT

CompetitiveView Opportunity →