AI Threat Alert AI Threat Alert

GHSA-j6c7-3h5x-99g9

GHSA-j6c7-3h5x-99g9 MEDIUM
Published April 17, 2026

## Summary Shell-wrapper detection missed env-argv assignment injection forms. ## Affected Packages / Versions - Package: `openclaw` - Ecosystem: npm - Affected versions: `>= 2026.2.22 < 2026.4.12` - Patched versions: `>= 2026.4.12` ## Impact Exec preflight handling missed shell-wrapper and...

Full CISO analysis pending enrichment.

Affected Systems

Package Ecosystem Vulnerable Range Patched
openclaw npm >= 2026.2.22, < 2026.4.12 2026.4.12
2 dependents 92% patched ~1d to patch Full package profile →

Do you use openclaw? You're affected.

Severity & Risk

CVSS 3.1
N/A
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Recommended Action

Patch available

Update openclaw to version 2026.4.12

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is GHSA-j6c7-3h5x-99g9?

OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms

Is GHSA-j6c7-3h5x-99g9 actively exploited?

No confirmed active exploitation of GHSA-j6c7-3h5x-99g9 has been reported, but organizations should still patch proactively.

How to fix GHSA-j6c7-3h5x-99g9?

Update to patched version: openclaw 2026.4.12.

What is the CVSS score for GHSA-j6c7-3h5x-99g9?

No CVSS score has been assigned yet.

Technical Details

NVD Description

## Summary Shell-wrapper detection missed env-argv assignment injection forms. ## Affected Packages / Versions - Package: `openclaw` - Ecosystem: npm - Affected versions: `>= 2026.2.22 < 2026.4.12` - Patched versions: `>= 2026.4.12` ## Impact Exec preflight handling missed shell-wrapper and argv-level environment assignment forms that could affect execution semantics, including high-risk shell environment controls. ## Technical Details The fix broadens shell-wrapper detection and blocks environment assignments in argv forms. High-risk shell variables such as `SHELLOPTS` and `PS4` are covered by the host environment security policy. ## Fix The issue was fixed in #65717. The first stable tag containing the fix is `v2026.4.12`, and `openclaw@2026.4.14` includes the fix. ## Fix Commit(s) - `8f8492d172f4c5b4fd7dd9a47855ed620c8770ab` - PR: #65717 ## Release Process Note Users should upgrade to `openclaw` 2026.4.12 or newer. The latest npm release, `2026.4.14`, already includes the fix. ## Credits Thanks to @decsecre583 for reporting this issue.

Weaknesses (CWE)

CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Primary

References

Timeline

Published
April 17, 2026
Last Modified
April 17, 2026
First Seen
April 18, 2026

Related Vulnerabilities

CRITICAL CVE-2026-30741 9.8

OpenClaw: RCE via request-side prompt injection

Same package: openclaw
CRITICAL CVE-2026-28451 9.3

OpenClaw: SSRF via Feishu extension exposes internal services

Same package: openclaw
HIGH GHSA-m3mh-3mpg-37hw 8.6

OpenClaw: .npmrc hijack enables RCE on plugin install

Same package: openclaw
HIGH CVE-2026-27001 7.8

OpenClaw: prompt injection via unsanitized workspace path

Same package: openclaw
HIGH GHSA-hr5v-j9h9-xjhg 7.7

OpenClaw: sandbox escape via mediaUrl path traversal

Same package: openclaw
Back to Threat Feed