Lucene search
K

5 matches found

EUVD
EUVD
added 2026/04/24 12:31 a.m.6 views

EUVD-2026-25315

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References3
OSV
OSV
added 2026/04/24 12:31 a.m.9 views

GHSA-WCM7-94WG-H74H Duplicate Advisory: OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.9 views

Duplicate Advisory: OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2026/04/23 10:16 p.m.7 views

CVE-2026-41332

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...

5.8CVSS0.00105EPSS
Exploits0References2
CVE
CVE
added 2026/04/23 9:57 p.m.24 views

CVE-2026-41332

OpenClaw before 2026.3.28 is vulnerable to a code execution path via an incomplete host-env blocklist: GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked. Exploitation can occur through approved exec requests that cause git or AWS CLI to behave based on attacker-controlled configuration files, ...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder