Lucene search
K

7 matches found

Cvelist
Cvelist
added 2026/05/06 7:49 p.m.50 views

CVE-2026-43584 OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

8.8CVSS0.00392EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/06 7:49 p.m.6 views

CVE-2026-43584 OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy

OpenClaw before 2026.4.10 contains an insufficient environment variable denylist vulnerability in its exec environment policy that allows operator-supplied overrides of high-risk interpreter startup variables including VIMINIT, EXINIT, LUAINIT, and HOSTALIASES. Attackers can exploit this by...

8.8CVSS5.9AI score0.00392EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 12:16 a.m.8 views

CVE-2026-41330

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

4.4CVSS0.00124EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 11:8 p.m.4 views

CVE-2026-41330 OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

4.4CVSS5.8AI score0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/20 11:8 p.m.30 views

CVE-2026-41330 OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

4.4CVSS0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/04/20 11:8 p.m.9 views

CVE-2026-41330

OpenClaw (npm) vulnerable through host exec policy: environment variable overrides allow bypassing proxy, TLS verification, Docker restrictions, and Git TLS enforcement. Affected versions = 2026.3.31.

4.4CVSS5.8AI score0.00124EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.18 views

PT-2026-33872

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

4.4CVSS5.8AI score0.00124EPSS
Exploits0References4
Rows per page
Query Builder