OpenClaw - Approval Bypass via Environment Variable Normalization

OpenClaw versions prior to commit b57b680 contain an approval bypass vulnerability due to inconsistent environment variable normalization between approval and execution paths, allowing attackers to inject attacker-controlled environment variables into execution without approval system validation. Attackers can exploit differing normalization logic to discard non-portable keys during approval processing while accepting them at execution time, bypassing operator review and potentially influencing runtime behavior including execution of attacker-controlled binaries.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N

不完整的黑名单

OpenClaw 安全漏洞

OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw b57b680之前版本存在安全漏洞，该漏洞源于批准和执行路径之间环境变量规范化不一致，可能导致攻击者绕过操作员审查并注入受控环境变量。

N/A

N/A