4 matches found
CVE-2026-41373
OpenClaw vulnerable before 2026.3.31 due to an incomplete host-env-security-policy.json that does not restrict compiler environment variables. This allows untrusted models to substitute compiler binaries (CC, CXX, CARGO_BUILD_RUSTC, CMAKE_C_COMPILER) via environment overrides when an approved hos...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities were caused by an issue with environment variable overrides in the host execution policy, which could allow attacker...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.22 contained security vulnerabilities. These vulnerabilities stemmed from inconsistent handling of environment variable overrides, which could allow attackers to provide overrid...
Improper Privilege Management
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Privilege Management in the handling of environment variable overrides for proxy, TLS, Docker, and Git TLS controls. An attacker can bypass intended security restrictions by...