{"data":{"id":"43d8065c-d95e-431d-8acf-5ffd460c8c4f","title":"GHSA-m866-6qv5-p2fg: OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override","summary":"OpenClaw's host environment sanitization (a security check that removes dangerous settings before running code) was missing protections for two environment variables: `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE`. An attacker could exploit this by approving a code execution request that redirects git or AWS tools to attacker-controlled files, allowing them to run untrusted code or steal credentials.","solution":"Upgrade to OpenClaw version 2026.3.28 or later. The fix was implemented in commit `6eb82fba3c` titled 'Infra: block additional host exec env keys', which adds `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` to the blocklist in `src/infra/host-env-security-policy.json` and `src/infra/host-env-security.ts`.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-m866-6qv5-p2fg","publishedAt":"2026-03-31T23:57:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"medium","severity":"medium","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["openclaw@<= 2026.3.24 (fixed: 2026.3.28)"],"affectedVendors":[],"affectedVendorsRaw":["OpenClaw"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-03-31T23:57:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"inference","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}