CVE-2026-45003

MEDIUM 5.0

OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files

CVSS Score

5.0

EPSS Score

0.0%

EPSS Percentile

0th

OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.

CWE	CWE-441
Vendor	openclaw
Product	openclaw
Published	May 11, 2026
Last Updated	May 11, 2026

Stay Ahead of the Next One

Get instant alerts for openclaw openclaw

Be the first to know when new medium vulnerabilities affecting openclaw openclaw are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

OpenClaw / OpenClaw

0 < 2026.4.22

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9p github.com: https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ec9272 vulncheck.com: https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-via-workspace-dotenv-files

Credits

🔍 Qi Deng (@qi-scape)