3 matches found
Untrusted Search Path
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Untrusted Search Path via the CLOUDSDKPYTHON environment variable in the .env file during the Gmail setup process. An attacker can cause unintended Python runtime execution by manipulatin...
GHSA-9FR2-P65V-GQXQ Duplicate Advisory: Workspace .env CLOUDSDK_PYTHON could influence Gmail setup gcloud execution
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-fq9j-vw4w-fr6v. This link is maintained to preserve external references. Original Description OpenClaw before 2026.5.2 contains an environment variable injection vulnerability allowing workspace .env files to...
CVE-2026-53842
OpenClaw prior to 2026.5.2 is affected by an environment variable injection in CLOUDSDK_PYTHON that can influence Python runtime selection during Gmail setup gcloud execution. Attackers with repository access can set CLOUDSDK_PYTHON to point to unintended local Python paths, potentially enabling ...