
Vulnerability Details CVE-2026-44992

OpenClaw versions from 2026.4.5 up to, but not including, 2026.4.20 contain an environment variable injection vulnerability that allows a workspace dotenv file to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax API requests to attacker-controlled origins, exposing the MiniMax API key in Authorization headers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 1.3%
CVSS Severity
CVSS v3 Score 5.0
Products affected by CVE-2026-44992
  • Openclaw » Openclaw » Version: 2026.4.10
    cpe:2.3:a:openclaw:openclaw:2026.4.10
  • Openclaw » Openclaw » Version: 2026.4.11
    cpe:2.3:a:openclaw:openclaw:2026.4.11
  • Openclaw » Openclaw » Version: 2026.4.12
    cpe:2.3:a:openclaw:openclaw:2026.4.12
  • Openclaw » Openclaw » Version: 2026.4.14
    cpe:2.3:a:openclaw:openclaw:2026.4.14
  • Openclaw » Openclaw » Version: 2026.4.15
    cpe:2.3:a:openclaw:openclaw:2026.4.15
  • Openclaw » Openclaw » Version: 2026.4.19
    cpe:2.3:a:openclaw:openclaw:2026.4.19
  • Openclaw » Openclaw » Version: 2026.4.5
    cpe:2.3:a:openclaw:openclaw:2026.4.5
  • Openclaw » Openclaw » Version: 2026.4.7
    cpe:2.3:a:openclaw:openclaw:2026.4.7
  • Openclaw » Openclaw » Version: 2026.4.7-1
    cpe:2.3:a:openclaw:openclaw:2026.4.7-1
  • Openclaw » Openclaw » Version: 2026.4.8
    cpe:2.3:a:openclaw:openclaw:2026.4.8
  • Openclaw » Openclaw » Version: 2026.4.9
    cpe:2.3:a:openclaw:openclaw:2026.4.9

