NPM: OpenClaw: Agent gateway config mutations could change protected operator settings

NPM: OpenClaw: Agent gateway config mutations could change protected operator settings vulnerability discovered by ? in WordPress Npm openclaw versions 2026.4.20...

OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Bundled MCP and LSP tools could be appended to the agent's effective tool set after the normal tool-policy pipeline had already filtered core tools. If an operator configured a...

GHSA-QRP5-GFW2-GXV4 OpenClaw: Bundled MCP/LSP tools could bypass configured tool policy

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Bundled MCP and LSP tools could be appended to the agent's effective tool set after the normal tool-policy pipeline had already filtered core tools. If an operator configured a...

OpenClaw: Paired-device pairing actions were not limited to the caller device

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact A paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope...

GHSA-XRQ9-JM7V-G9H7 OpenClaw: Paired-device pairing actions were not limited to the caller device

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact A paired device session with limited pairing scope could enumerate global pairing state and act on pairing requests that belonged to another device within the same gateway scope...

OpenClaw: MCP stdio server env could load dangerous startup variables from workspace config

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Workspace MCP stdio configuration could pass dangerous process-startup environment variables such as NODEOPTIONS, LDPRELOAD, or BASHENV to the spawned MCP server process. In a...

GHSA-HXVM-XJVF-93F3 OpenClaw: Workspace dotenv could override runtime-control environment variables

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Workspace .env loading did not reserve the OPENCLAW runtime-control namespace broadly enough. A malicious workspace could set variables such as OPENCLAWGITDIR before source-upda...

OpenClaw: Hook mapping templates could bypass hook session-key opt-in

Affected Packages / Versions - Package: openclaw npm - Affected versions: 2026.4.20 - Patched version: 2026.4.20 Impact Templated hook mapping sessionKey values were treated differently from request-supplied session keys. A hook mapping could render an externally influenced session key even when...