
34 matches found

EUVD
added 2026/05/05 11:25 a.m. | 2 views

EUVD-2026-27273

OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...

CVSS 7.3 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 3

NVD
added 2026/04/28 7:37 p.m. | 2 views

CVE-2026-41396

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...

CVSS 8.5 | EPSS 0.00014
Exploits: 0 | References: 3

Cvelist
added 2026/04/28 6:9 p.m. | 22 views

CVE-2026-41396 OpenClaw < 2026.3.31 - Environment Variable Override of Plugin Trust Root

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...

CVSS 8.5 | EPSS 0.00014
Exploits: 0 | References: 3

CVE
added 2026/04/28 6:9 p.m. | 5 views

CVE-2026-41396

OpenClaw is affected prior to version 2026.3.31. Affected: openclaw (npm). Vulnerability: workspace .env files can override OPENCLAW_BUNDLED_PLUGINS_DIR, allowing manipulation of the bundled plugin trust root and undermining plugin trust verification. Impact: attackers with control over workspace...

CVSS 8.5 | AI score 5.2 | EPSS 0.00014
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2026/04/24 12:31 a.m. | 0 views

GHSA-JX3C-247H-CXWP Duplicate Advisory: OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-3qpv-xf3v-mm45. This link is maintained to preserve external references. Original Description: OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable,...

CVSS 8.5 | AI score 6 | EPSS 0.00016
Exploits: 0 | References: 5

NVD
added 2026/04/23 10:16 p.m. | 2 views

CVE-2026-41336

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code...

CVSS 8.5 | EPSS 0.00016
Exploits: 0 | References: 3

CVE
added 2026/04/23 9:57 p.m. | 3 views

CVE-2026-41336

OpenClaw prior to 2026.3.31 is vulnerable: workspace .env files can override OPENCLAW_BUNDLED_HOOKS_DIR, allowing attacker-controlled hooks to be loaded and arbitrary code executed. The impact is high (local attack, attacker-controlled code, potential concealment of changes) as described in CVE-2...

CVSS 8.5 | AI score 6.1 | EPSS 0.00016
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/23 9:57 p.m. | 30 views

CVE-2026-41336 OpenClaw < 2026.3.31 - Arbitrary Hook Code Execution via OPENCLAW_BUNDLED_HOOKS_DIR Environment Variable Override

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code...

CVSS 8.5 | EPSS 0.00016
Exploits: 0 | References: 3

ATTACKERKB
added 2026/04/23 9:57 p.m. | 2 views

CVE-2026-41336

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code...

CVSS 8.5 | AI score 6.1 | EPSS 0.00016
Exploits: 0 | References: 4

OSV
added 2026/04/17 9:56 p.m. | 2 views

GHSA-7WV4-CC7P-JHXC OpenClaw: Workspace .env could inject OpenClaw runtime-control variables

Summary Workspace .env could inject OpenClaw runtime-control variables. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact A malicious workspace .env file could set OpenClaw runtime-control variables affecting update sources, gateway URLs,...

CVSS 8.8 | AI score 5.7 | EPSS 0.00028
Exploits: 0 | References: 6

Github Security Blog
added 2026/04/17 9:56 p.m. | 5 views

OpenClaw: Workspace .env could inject OpenClaw runtime-control variables

Summary Workspace .env could inject OpenClaw runtime-control variables. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact A malicious workspace .env file could set OpenClaw runtime-control variables affecting update sources, gateway URLs,...

CVSS 8.8 | AI score 5.7 | EPSS 0.00028
Exploits: 0 | References: 6 | Affected Software: 1

Positive Technologies
added 2026/04/17 12:0 a.m. | 3 views

PT-2026-37016

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description An environment variable injection issue exists where malicious workspace .env files can set runtime-control variables. This allows attackers to inject variables that affect update sources, gatewa...

CVSS 7.3 | AI score 5.8 | EPSS 0.00028
Exploits: 0 | References: 7

OSV
added 2026/04/03 2:47 a.m. | 0 views

GHSA-QCJ9-WWGW-6GM8 OpenClaw: Workspace `.env` can override the bundled plugin trust root

Summary: Workspace .env can override the bundled plugin trust root. Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_PLUGINS_DIR, but critical is too high because exploitation still depends on...

CVSS 7.8 | AI score 6 | EPSS 0.00014
Exploits: 0 | References: 6

Github Security Blog
added 2026/04/03 2:47 a.m. | 4 views

OpenClaw: Workspace `.env` can override the bundled plugin trust root

Summary: Workspace .env can override the bundled plugin trust root. Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_PLUGINS_DIR, but critical is too high because exploitation still depends on...

CVSS 8.5 | AI score 5.9 | EPSS 0.00014
Exploits: 0 | References: 6 | Affected Software: 1

Github Security Blog
added 2026/04/02 9:0 p.m. | 4 views

OpenClaw: Workspace `.env` can override the bundled hooks root and load attacker hook code

Summary: Workspace .env can override the bundled hooks root and load attacker hook code. Current Maintainer Triage - Status: open - Normalized severity: high - Assessment: v2026.3.28 still lets workspace .env override OPENCLAW_BUNDLED_HOOKS_DIR, which can replace trusted default-on bundled hooks from ...

CVSS 8.5 | AI score 5.9 | EPSS 0.00016
Exploits: 0 | References: 6 | Affected Software: 1

CVE
added 2026/03/27 8:34 p.m. | 3 views

CVE-2026-33881

Windmill CVE-2026-33881 affects the NativeTS executor in Windmill’s workspace environment. The flaw arises because workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes, allowing a workspace admin to inject arbitrary JavaScript that ...

CVSS 8.6 | AI score 6 | EPSS 0.00077
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2026/03/27 8:34 p.m. | 2 views

CVE-2026-33881 Windmill: Rogue Workspace Admins can inject code via unescaped workspace environment variable interpolation in NativeTS executor

Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are interpolated into JavaScript string literals without escaping single quotes in the NativeTS executor. A workspace admin who sets a custom environmen...

CVSS 8.6 | AI score 6.1 | EPSS 0.00077
Exploits: 1 | References: 3

CVE
added 2025/12/03 7:25 p.m. | 14 views

CVE-2025-66411

Summary of CVE-2025-66411 (Coder) Coder prior to versions 2.26.5, 2.27.7, and 2.28.4 logs Workspace Agent manifests containing sensitive values in plaintext. This could allow an attacker with limited local access to a Coder Workspace (VM, Kubernetes Pod, etc.) or a connected logging system (e.g.,...

CVSS 7.8 | AI score 6.1 | EPSS 0.00039
Exploits: 1 | References: 5 | Affected Software: 1

Citrix
added 2025/03/24 12:0 a.m. | 9 views

Unable to login to WEM Web Console

When logging in to the Workspace Environment Management Web Console, you get the message "The user name or password is incorrect. Try again."...

AI score 7.2
Exploits: 0

Citrix
added 2024/07/14 12:0 a.m. | 3 views

Citrix Virtual Apps and Desktop Profile Management (UPM, WEM)

Citrix Profile Management Introduction Profile Management is intended as a profile solution for Citrix Virtual Apps servers, virtual desktops created with Citrix Virtual Desktops, and physical desktops. You install Profile Management on each computer whose profiles you want to manage. Active...

AI score 6.6
Exploits: 0