CVE-2026-4039
OpenClaw: Skill env override host env injection via applySkillConfigEnvOverrides (defense-in-depth)
Description
### Summary

`applySkillConfigEnvOverrides` previously copied `skills.entries.*.env` values into the host `process.env` without applying the host env safety policy.

### Impact

In affected versions, dangerous process-level variables such as `NODE_OPTIONS` could be injected when unset, which can influence runtime/child-process behavior.

### Required attacker capability

An attacker must be able to modify OpenClaw local state/config (for example `~/.openclaw/openclaw.json`) to set `skills.entries.<skill>.env` or related skill config values.

### Remediation

Fixed in `2026.2.21` by sanitizing skill env overrides and blocking dangerous host env keys (including `NODE_OPTIONS`) before applying overrides, with regression tests covering blocked dangerous keys.

## Fix Commit(s)

- `8c9f35cdb51692b650ddf05b259ccdd75cc9a83c`

Found using [MCPwner](https://github.com/Pigyon/MCPwner)
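To illustrate the defect and the remediation pattern, here is an added example (not OpenClaw's own code) showing the unsafe "copy every skill env entry into the host env" behavior beside a hardened applier that enforces a host env safety policy. Only `NODE_OPTIONS` is named in the advisory; the extra blocked keys and prefixes, the function names and the sample config are assumptions made for this example.

```javascript
// Added example (not OpenClaw's code): a skill env override applier that
// enforces a host-env safety policy before writing into a process-level env.
// Only NODE_OPTIONS is named in the advisory; the other keys/prefixes below
// are assumed additions that are also widely treated as loader-controlling.
const BLOCKED_HOST_ENV_KEYS = new Set(['NODE_OPTIONS', 'LD_PRELOAD', 'DYLD_INSERT_LIBRARIES']);
const BLOCKED_HOST_ENV_PREFIXES = ['LD_', 'DYLD_'];
const ENV_KEY_PATTERN = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Case-insensitive check: Windows env lookups are case-insensitive, so
// "node_options" must be treated the same as "NODE_OPTIONS".
function isDangerousHostEnvKey(key) {
  const k = key.toUpperCase();
  return BLOCKED_HOST_ENV_KEYS.has(k) || BLOCKED_HOST_ENV_PREFIXES.some((p) => k.startsWith(p));
}

// Vulnerable pattern described in the advisory: every skill env entry is
// copied into the host env whenever the variable is not already set.
function applySkillConfigEnvOverridesUnsafe(skillsConfig, hostEnv) {
  for (const entry of Object.values(skillsConfig.entries ?? {})) {
    for (const [key, value] of Object.entries(entry.env ?? {})) {
      if (hostEnv[key] === undefined) hostEnv[key] = String(value);
    }
  }
  return hostEnv;
}

// Hardened pattern: reject malformed and dangerous keys, accept only string
// values, never clobber an existing host variable, and report what was blocked.
function applySkillConfigEnvOverrides(skillsConfig, hostEnv) {
  const blocked = [];
  for (const [skillName, entry] of Object.entries(skillsConfig.entries ?? {})) {
    for (const [key, value] of Object.entries(entry.env ?? {})) {
      if (!ENV_KEY_PATTERN.test(key) || isDangerousHostEnvKey(key)) {
        blocked.push(`${skillName}:${key}`);
        continue;
      }
      if (typeof value !== 'string' || hostEnv[key] !== undefined) continue;
      hostEnv[key] = value;
    }
  }
  return { hostEnv, blocked };
}

// Constructed sample config shaped like skills.entries.<skill>.env; values are placeholders.
const SAMPLE_SKILLS_CONFIG = {
  entries: {
    weather: { env: { WEATHER_API_BASE: 'https://weather.example.invalid', NODE_OPTIONS: '--max-old-space-size=4096' } },
    notes: { env: { node_options: '--max-old-space-size=4096', NOTES_DIR: 42 } },
  },
};
```

Running both appliers over the same sample shows the unsafe version setting `NODE_OPTIONS` on the host while the hardened version drops it and lists it under `blocked`, which is the behavior the regression tests in the fix should pin down.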
How to fix CVE-2026-4039
To remediate CVE-2026-4039, upgrade the affected package to a fixed version below.
- upgrade to 2026.2.21 or later
Is CVE-2026-4039 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 2026.2.21
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N |