Nixpkgs security tracker

Login with GitHub

Suggestion detail

Dismissed
Permalink CVE-2026-4039
6.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV):
  • Attack complexity (AC):
  • Privileges required (PR):
  • User interaction (UI):
  • Scope (S):
  • Confidentiality impact (C):
  • Integrity impact (I):
  • Availability impact (A):
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 2 weeks ago
  • @LeSuisse accepted 1 month, 2 weeks ago
  • @LeSuisse dismissed 1 month, 2 weeks ago
OpenClaw Skill Env applySkillConfigenvOverrides code injection

A vulnerability was determined in OpenClaw 2026.2.19-2. This vulnerability affects the function applySkillConfigenvOverrides of the component Skill Env Handler. Executing a manipulation can lead to code injection. It is possible to launch the attack remotely. Upgrading to version 2026.2.21-beta.1 is able to resolve this issue. This patch is called 8c9f35cdb51692b650ddf05b259ccdd75cc9a83c. It is recommended to upgrade the affected component.

Affected products

OpenClaw
  • ==2026.2.19-2
  • ==2026.2.21-beta.1

Matching in nixpkgs

Package maintainers

Upstream advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-82g8-464f-2mv7

nixpkgs was never impacted, package was initialized at 2026.2.26