CVE-2026-44992
Environment Variable Injection in OpenClaw
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| minimax | minimax_api | From 2026.4.20 (exc) |
| openclaw | openclaw | to 2026.4.20 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-441 | The product receives a request, message, or directive from an upstream component, but the product does not sufficiently preserve the original source of the request before forwarding the request to an external actor that is outside of the product's control sphere. This causes the product to appear to be the source of the request, leading it to act as a proxy or other intermediary between the upstream component and the external actor. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in OpenClaw versions 2026.4.5 through 2026.4.19 and involves an environment variable injection flaw. Specifically, a malicious workspace .env file can override the MINIMAX_API_HOST environment variable. This allows attackers to redirect MiniMax API requests, which normally use credentialed access, to attacker-controlled servers. As a result, the MiniMax API key included in the Authorization headers of these requests can be exposed to the attacker.
The root cause is that workspace dotenv files were allowed to inject or override certain environment variables, including MINIMAX_API_HOST, enabling unauthorized API host redirection.
How can this vulnerability impact me?
If exploited, this vulnerability can lead to the exposure of sensitive API credentials, specifically the MiniMax API key, by redirecting authorized API requests to attacker-controlled servers.
This exposure could allow attackers to misuse the API key for unauthorized actions or gain further access to systems relying on MiniMax API authentication.
However, exploitation requires that the attacker has control over the workspace environment where OpenClaw is running, such as by injecting a malicious .env file.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection starts with the installed OpenClaw version: releases from 2026.4.5 up to, but not including, 2026.4.20 are vulnerable to environment variable injection via workspace .env files.
You can also inspect workspace .env files for the MINIMAX_API_HOST environment variable. A workspace file has no legitimate reason to set it, and in vulnerable versions such a setting overrides the real API host.
On the system or network, monitoring outbound MiniMax API requests for unusual or unexpected destination URLs can help detect exploitation attempts, especially if the Authorization header containing the MiniMax API key is sent to unknown or attacker-controlled hosts.
Suggested commands include:
- Search for MINIMAX_API_HOST in workspace .env files: `grep -r MINIMAX_API_HOST /path/to/workspace/.env`
- Check OpenClaw version: `openclaw --version` or inspect package.json or installed package metadata.
- Monitor network traffic for MiniMax API requests and verify the destination host: capture with `tcpdump` or `wireshark`, or issue a test request with `curl -v` to see which host the Authorization header is sent to.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.4.20 or later, where the vulnerability has been patched.
This update blocks the injection of the MINIMAX_API_HOST environment variable via workspace .env files and removes environment-driven URL routing for MiniMax API requests.
Additionally, review and remove any MINIMAX_API_HOST settings from workspace .env files to prevent unauthorized overrides.
Limit workspace control to trusted users only, as exploitation requires running OpenClaw from an attacker-controlled workspace.
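The detection and mitigation advice above (scan workspace .env files for MINIMAX_API_HOST, check the version range, and stop workspace dotenv files from overriding that variable) can be expressed in a few lines of code. The following is an added example written for this page; it is not OpenClaw's own code and makes no claim about how the project loads dotenv files. It assumes a minimal dotenv syntax (`KEY=value`, optional `export`, quotes, `#` comments), a constructed sample .env, placeholder host names, and a protected-key list that contains the MINIMAX_API_HOST variable named in the advisory plus a hypothetical MINIMAX_API_KEY entry. The version comparison uses the affected range stated on this page.

```javascript
// Added example, not OpenClaw project code.
// Variables a workspace .env must never set or override. MINIMAX_API_HOST is
// the variable from the advisory; MINIMAX_API_KEY is an assumed extra entry.
const PROTECTED_ENV_KEYS = new Set(['MINIMAX_API_HOST', 'MINIMAX_API_KEY']);

// Minimal dotenv parser: KEY=value lines, optional "export ", quoted values,
// full-line and trailing "#" comments. Returns a plain object.
function parseDotenv(text) {
  const vars = {};
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (!line || line.startsWith('#')) continue;
    const body = line.startsWith('export ') ? line.slice(7).trim() : line;
    const eq = body.indexOf('=');
    if (eq <= 0) continue;
    const key = body.slice(0, eq).trim();
    let value = body.slice(eq + 1).trim();
    const quoted = (value.startsWith('"') && value.endsWith('"') && value.length >= 2) ||
                   (value.startsWith("'") && value.endsWith("'") && value.length >= 2);
    if (quoted) {
      value = value.slice(1, -1);
    } else {
      const hash = value.indexOf(' #'); // unquoted values may carry a trailing comment
      if (hash >= 0) value = value.slice(0, hash).trim();
    }
    if (/^[A-Za-z_][A-Za-z0-9_]*$/.test(key)) vars[key] = value;
  }
  return vars;
}

// Detection: list protected keys that a workspace .env tries to set.
function findProtectedOverrides(dotenvText) {
  return Object.keys(parseDotenv(dotenvText))
    .filter((k) => PROTECTED_ENV_KEYS.has(k))
    .sort();
}

// Mitigation: merge workspace variables into the base environment, but refuse
// to let the workspace file set or override any protected key.
function mergeWorkspaceEnv(baseEnv, dotenvText) {
  const env = { ...baseEnv };
  const blocked = [];
  for (const [key, value] of Object.entries(parseDotenv(dotenvText))) {
    if (PROTECTED_ENV_KEYS.has(key)) {
      blocked.push(key); // kept out of env; base value (if any) survives
      continue;
    }
    env[key] = value;
  }
  return { env, blocked };
}

// Version check against the affected range from the advisory: [2026.4.5, 2026.4.20).
function compareVersions(a, b) {
  const pa = a.split('.').map((n) => parseInt(n, 10));
  const pb = b.split('.').map((n) => parseInt(n, 10));
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

function isAffectedVersion(version) {
  return compareVersions(version, '2026.4.5') >= 0 &&
         compareVersions(version, '2026.4.20') < 0;
}

// Constructed sample workspace .env, including an override attempt.
const SAMPLE_WORKSPACE_ENV = [
  '# constructed sample workspace .env',
  'export PROJECT_NAME="demo"',
  'MINIMAX_API_HOST=https://redirect.placeholder.invalid # constructed override attempt',
  'LOG_LEVEL=debug',
].join('\n');

// Constructed base environment with a placeholder host (not the real API host).
const SAMPLE_BASE_ENV = { MINIMAX_API_HOST: 'https://minimax-host.placeholder.invalid' };

console.log('protected keys in workspace .env:', findProtectedOverrides(SAMPLE_WORKSPACE_ENV));
console.log('merged:', mergeWorkspaceEnv(SAMPLE_BASE_ENV, SAMPLE_WORKSPACE_ENV));
console.log('2026.4.19 affected:', isAffectedVersion('2026.4.19'),
            '| 2026.4.20 affected:', isAffectedVersion('2026.4.20'));
```

Running the block reports `MINIMAX_API_HOST` as a protected key present in the sample file, shows the merge keeping the base host and recording the blocked key, and confirms that 2026.4.19 falls inside the affected range while 2026.4.20 does not. The same `findProtectedOverrides` call can be run over the contents of every .env file found under a workspace to cover nested directories that a single `grep` on one path would miss.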