Platform
nodejs
Component
openclaw
Fixed versions
2026.2.20
2026.2.21
CVE-2026-4039 is a medium-severity vulnerability affecting OpenClaw, a Node.js application. It allows an attacker to inject process-level environment variables by manipulating skill configuration data, potentially influencing runtime behavior and child-process execution. The vulnerability affects versions prior to 2026.2.21 and has been resolved by a fix that sanitizes skill configuration data.
The core of the vulnerability lies in the applySkillConfigEnvOverrides function, which previously copied environment variables from skill configurations directly into the host process's environment (process.env) without proper sanitization. An attacker who can modify the OpenClaw local state, specifically the ~/.openclaw/openclaw.json file, can inject malicious environment variables. This is particularly concerning because variables like NODE_OPTIONS can directly influence how Node.js applications execute, potentially allowing for arbitrary code execution or denial-of-service. The impact is amplified if OpenClaw is used in environments where untrusted code is executed or where process isolation is critical. Successful exploitation could lead to complete compromise of the affected Node.js process.
CVE-2026-4039 was publicly disclosed on February 27, 2026. There is currently no indication of active exploitation or a KEV listing. The vulnerability requires local access to modify the OpenClaw configuration file, which limits the attack surface. Public proof-of-concept code is not currently available, but the relatively straightforward nature of the vulnerability suggests that it may be developed in the future.
Organizations using OpenClaw, particularly those deploying it in environments where untrusted code is executed or where process isolation is critical, are at risk. Developers who directly modify OpenClaw configuration files or integrate OpenClaw into custom applications are also at increased risk.
• nodejs / supply-chain:
Get-Process -Name openclaw | Select-Object -ExpandProperty Path
• nodejs / supply-chain:
Get-ChildItem -Path $env:USERPROFILE/.openclaw/openclaw.json -Recurse
• linux / server:
ls -l ~/.openclaw/openclaw.json
• linux / server:
journalctl -u openclaw | grep -i "skill config"
Disclosure
Exploitation status
EPSS
0.09% (25th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-4039 is to upgrade OpenClaw to version 2026.2.21 or later. This version includes a fix that sanitizes skill configuration data, preventing the injection of malicious environment variables. If upgrading immediately is not feasible, restrict access to the ~/.openclaw/openclaw.json file to prevent unauthorized modification. Consider implementing input validation on any data sources used to populate skill configurations. After upgrading, verify the fix by attempting to inject a known malicious environment variable (e.g., NODE_OPTIONS=--inspect) into the skill configuration and confirming that it is not reflected in the host process's environment.
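The following is an added example, not OpenClaw's code. It places the unsafe behaviour the advisory attributes to applySkillConfigEnvOverrides (every key from a skill's config copied straight into the host environment) beside a sanitizing variant, and it carries out the post-upgrade check from the mitigation section: a NODE_OPTIONS override in the skill configuration must not reach the host process's environment. The function signatures, the denylist of runtime-control variables, the per-skill allowlist parameter, the audit helper and the config shape ({ skills: { name: { env: {...} } } }) are assumptions for illustration; OpenClaw's actual fix may be structured differently.

```javascript
'use strict';
// Added example, not OpenClaw's code. Signatures, denylist, allowlist parameter
// and the sample config shape are assumptions for illustration.

// Variables that change how the Node.js runtime, the dynamic loader or child
// processes behave. Constructed denylist; extend it for your deployment.
const BLOCKED_ENV_KEYS = new Set([
  'NODE_OPTIONS', 'NODE_PATH', 'NODE_EXTRA_CA_CERTS', 'NODE_TLS_REJECT_UNAUTHORIZED',
  'NODE_PRESERVE_SYMLINKS', 'LD_PRELOAD', 'LD_LIBRARY_PATH', 'LD_AUDIT',
  'DYLD_INSERT_LIBRARIES', 'DYLD_LIBRARY_PATH', 'PATH', 'HOME',
]);

// Conventional environment variable name: uppercase letters, digits, underscore.
const ENV_KEY_RE = /^[A-Z_][A-Z0-9_]*$/;

// Pre-fix behaviour as the advisory describes it: every key is copied as-is
// into the target environment (process.env in the real application).
function applySkillConfigEnvOverridesUnsafe(skillConfig, env) {
  for (const [key, value] of Object.entries(skillConfig.env ?? {})) {
    env[key] = String(value);
  }
  return env;
}

// Sanitizing variant (assumed design, not necessarily OpenClaw's fix):
//  - the override table must be a plain object,
//  - keys must look like env names, be on the skill's allowlist and not on
//    the runtime-control denylist,
//  - values must be strings without NUL, CR or LF, which break env passing
//    to child processes and corrupt log lines.
// Returns the environment plus the rejected keys so callers can log them.
function applySkillConfigEnvOverridesSafe(skillConfig, env, allowedKeys) {
  const rejected = [];
  const overrides = skillConfig.env;
  if (overrides === null || typeof overrides !== 'object' || Array.isArray(overrides)) {
    return { env, rejected };
  }
  for (const [key, raw] of Object.entries(overrides)) {
    const value = typeof raw === 'string' ? raw : null;
    const keyOk = ENV_KEY_RE.test(key) && allowedKeys.has(key) && !BLOCKED_ENV_KEYS.has(key);
    const valueOk = value !== null && !/[\0\r\n]/.test(value);
    if (!keyOk || !valueOk) {
      rejected.push(key);
      continue;
    }
    env[key] = value;
  }
  return { env, rejected };
}

// Audit helper: scan a parsed config of the assumed shape
// { skills: { <name>: { env: {...} } } } for overrides that hit the denylist,
// e.g. after ~/.openclaw/openclaw.json was edited outside the application.
function findBlockedSkillEnvKeys(config) {
  const hits = [];
  for (const [skill, def] of Object.entries(config.skills ?? {})) {
    for (const key of Object.keys(def?.env ?? {})) {
      if (BLOCKED_ENV_KEYS.has(key)) hits.push(`${skill}.env.${key}`);
    }
  }
  return hits;
}

// Constructed sample config: one legitimate override, the NODE_OPTIONS
// override used by the advisory's verification step, a malformed key and a
// value containing a newline.
const SAMPLE_CONFIG = {
  skills: {
    weather: {
      env: {
        API_BASE: 'https://api.example.invalid',
        NODE_OPTIONS: '--inspect',
        'bad key': 'x',
        TOKEN: 'a\nb',
      },
    },
  },
};

// Runs both variants over the sample and returns the results for inspection.
function runDemo() {
  const skill = SAMPLE_CONFIG.skills.weather;
  const unsafeEnv = applySkillConfigEnvOverridesUnsafe(skill, {});
  const safe = applySkillConfigEnvOverridesSafe(
    skill, {}, new Set(['API_BASE', 'TOKEN', 'NODE_OPTIONS']));
  return {
    unsafeLeaksNodeOptions: unsafeEnv.NODE_OPTIONS === '--inspect',
    safeEnv: safe.env,
    rejected: safe.rejected,
    blockedInConfig: findBlockedSkillEnvKeys(SAMPLE_CONFIG),
  };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

Returning the rejected keys rather than silently dropping them matters for detection: a NODE_OPTIONS or LD_PRELOAD override appearing in a skill's config is exactly the kind of configuration tampering the journalctl check above is looking for, and logging the rejection gives that search something to match.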
Upgrade OpenClaw to 2026.2.21-beta.1 or later. This update fixes the code injection vulnerability in the Skill Env Handler component.
CVE-2026-4039 is a medium-severity vulnerability in OpenClaw where unsanitized skill configuration data can inject process-level variables, potentially influencing runtime behavior.
You are affected if you are using OpenClaw versions prior to 2026.2.21 and have not applied the fix.
Upgrade OpenClaw to version 2026.2.21 or later to sanitize skill configuration data and prevent the vulnerability.
There is currently no indication of active exploitation, but the vulnerability's nature suggests potential for future exploitation.
Refer to the OpenClaw project's official release notes and security advisories for details on CVE-2026-4039 and the fix.