OpenClaw/Clawdbot Docker Execution has Authenticated Command Injection via PATH Environment Variable
Summary A Command Injection vulnerability existed in Clawdbot’s Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable when constructing shell commands. An authenticated user able to control environment variables could influence command execution within the...