CVE-2026-45003 — MEDIUM (5.0)

Q: How severe is CVE-2026-45003?

CVE-2026-45003 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-45003?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.

Vulnerability Description

OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime traffic to malicious endpoints by setting endpoint variables in dotenv files.

CVSS Score

5.0

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Openclaw	Openclaw	< 2026.4.22

Related Weaknesses (CWE)

CWE-441

References

https://github.com/openclaw/openclaw/commit/0623079e98abf7202591f1b04a89755eb7ecPatch
https://github.com/openclaw/openclaw/security/advisories/GHSA-55cf-xx38-4p9pThird Party Advisory
https://www.vulncheck.com/advisories/openclaw-connector-endpoint-host-override-vThird Party AdvisoryPatch

FAQ

What is CVE-2026-45003?

CVE-2026-45003 is a vulnerability with a CVSS score of 5.0 (MEDIUM). OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime ...

How severe is CVE-2026-45003?

CVE-2026-45003 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-45003?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.