Lucene search
K

8 matches found

OSV
OSV
added 2026/04/24 12:31 a.m.9 views

GHSA-WCM7-94WG-H74H Duplicate Advisory: OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/24 12:31 a.m.9 views

Duplicate Advisory: OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-6p8r-6m93-557f. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/23 9:57 p.m.2 views

CVE-2026-41332 OpenClaw < 2026.3.28 - Code Execution via Missing Environment Variable Blocklist

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...

5.8CVSS5.5AI score0.00105EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/23 9:57 p.m.4 views

CVE-2026-41332

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GITTEMPLATEDIR and AWSCONFIGFILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration files ...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References3
CVE
CVE
added 2026/04/23 9:57 p.m.27 views

CVE-2026-41332

OpenClaw before 2026.3.28 is vulnerable to a code execution path via an incomplete host-env blocklist: GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked. Exploitation can occur through approved exec requests that cause git or AWS CLI to behave based on attacker-controlled configuration files, ...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/23 12:0 a.m.6 views

PT-2026-34763

OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT TEMPLATE DIR and AWS CONFIG FILE are not blocked in the host-env blocklist. Attackers can exploit approved exec requests to redirect git or AWS CLI behavior through attacker-controlled configuration...

5.8CVSS5.9AI score0.00105EPSS
Exploits0References4
OSV
OSV
added 2026/03/31 11:57 p.m.2 views

GHSA-M866-6QV5-P2FG OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

Summary Host execution env sanitization did not block GITTEMPLATEDIR or AWSCONFIGFILE, even though both can redirect trusted tooling to attacker-controlled content. Impact An approved exec request could redirect git or AWS CLI behavior through attacker-controlled configuration and execute untrust...

4.9CVSS6.2AI score0.00105EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/03/31 11:57 p.m.6 views

OpenClaw host-env blocklist missing `GIT_TEMPLATE_DIR` and `AWS_CONFIG_FILE` allows code execution via env override

Summary Host execution env sanitization did not block GITTEMPLATEDIR or AWSCONFIGFILE, even though both can redirect trusted tooling to attacker-controlled content. Impact An approved exec request could redirect git or AWS CLI behavior through attacker-controlled configuration and execute untrust...

5.8CVSS6.2AI score0.00105EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder