Security Advisory - Published 2026-06-17 - OpenClaw / Node.js Tooling
CVE-2026-53864: check OpenClaw workspace environment controls
CVE-2026-53864 affects OpenClaw before 2026.5.26. The issue sits in environment sanitization: untrusted workspace settings, tool overrides, or skill environment blocks may pass Node.js control variables farther than intended.
Who should check
- OpenClaw deployments before 2026.5.26.
- Shared workspaces where users can submit projects, skills, tools, or environment blocks.
- CI, preview, or agent-worker hosts that run Node.js child processes from workspace context.
- Teams that allow project-level .env files or tool-specific environment overrides.
Owner self-check
rg -n "openclaw|workspace|skill|tool|environment|env" package.json pnpm-lock.yaml yarn.lock package-lock.json .
find . -name ".env*" -o -name "*skill*" -o -name "*tool*" | head -120
rg -n "NODE_|child_process|spawn\\(|execFile\\(|coverage|env:" . 2>/dev/null
Treat project-provided environment values as untrusted unless they are explicitly filtered at the worker boundary. If users can upload or sync workspaces, review the worker logs before assuming no exposure.
What to review
- Workspace .env files added or changed after June 16, 2026.
- Tool configuration that forwards environment values into Node.js child processes.
- Skill blocks that define process environment settings or output paths.
- Coverage, build, cache, and report directories written outside expected workspace paths.
- Worker logs showing unexpected child process arguments, output locations, or failed sanitization messages.
Safe fix path
- Upgrade OpenClaw to 2026.5.26 or newer.
- Restart agent workers after patching so old sanitizer code is not still running.
- Clear queued jobs from untrusted workspaces if they were submitted before the patch.
- Enforce environment allow-lists at the worker boundary. UI validation alone is not enough.
- Rotate secrets available to affected workers if logs show unexpected process behavior.
When to request repair
Use Ping7 CVE Repair if an OpenClaw worker handled untrusted workspaces, output paths changed unexpectedly, or secrets were available to Node.js child processes during the exposure window. Send the OpenClaw version, worker deployment model, and a redacted example of the workspace environment policy.