
4 matches found

GitHub Security Blog
added 2026/05/11 6:31 p.m., 6 views

Duplicate Advisory: OpenClaw: Workspace dotenv files cannot override connector endpoint hosts

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-55cf-xx38-4p9p. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost,...

CVSS: 5, AI score: 5.7, EPSS: 0.00105
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2026/05/11 4:46 p.m., 30 views

CVE-2026-45003 OpenClaw < 2026.4.22 - Connector Endpoint Host Override via Workspace dotenv Files

OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files...

CVSS: 5, EPSS: 0.00105
Exploits: 0, References: 3
OSV
added 2026/05/04 8:22 p.m., 6 views

GHSA-55CF-XX38-4P9P OpenClaw: Workspace dotenv files cannot override connector endpoint hosts

Summary: Workspace dotenv files cannot override connector endpoint hosts. Affected Packages / Versions: Package: openclaw npm; Affected versions: = 2026.4.21; Fixed version: 2026.4.22. Impact: A workspace .env file could set connector endpoint variables for Matrix, Mattermost, IRC, or...

CVSS: 5.3, AI score: 5.8, EPSS: 0.00105
Exploits: 0, References: 5
Patchstack
added 2026/05/04 8:22 p.m., 6 views

NPM: OpenClaw: Workspace dotenv files cannot override connector endpoint hosts

NPM: OpenClaw: Workspace dotenv files cannot override connector endpoint hosts vulnerability discovered by ? in WordPress Npm openclaw versions = 2026.4.21...

AI score: 5.8
Exploits: 0, References: 3, Affected Software: 1