OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace...

4.1 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Description

OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.

Basic Information

ID CVE-2026-45003

Source VulnCheck

Published May 11, 2026 at 16:46

Affected Product

Vendor OpenClaw

Product OpenClaw

Affected Versions OpenClaw OpenClaw 0

CWE Classification

CWE-441

References

{
    "lastseen": "",
    "description": "OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.",
    "published": "2026-05-11T16:46:41.355Z",
    "modified": "2026-05-11T16:46:41.355Z",
    "type": "cve",
    "title": "OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files",
    "source": "VulnCheck",
    "references": "https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p\nhttps://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272\nhttps://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files",
    "id": "CVE-2026-45003",
    "bulletinFamily": "",
    "cwe": [
        "CWE-441"
    ],
    "cvelist": null,
    "sourceData": "OpenClaw OpenClaw 0",
    "sourceHref": "",
    "cvss": {
        "score": 4.1,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "OpenClaw",
    "version": "0",
    "vendor": "OpenClaw",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files_CVE-2026-45003