Lucene search
K

11 matches found

NVD
NVD
added 2026/05/05 12:16 p.m.9 views

CVE-2026-43531

OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...

8.8CVSS0.00203EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/05 11:25 a.m.6 views

CVE-2026-43531 OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File

OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...

7.3CVSS5.8AI score0.00203EPSS
Exploits0References3
CVE
CVE
added 2026/05/05 11:25 a.m.15 views

CVE-2026-43531

OpenClaw is vulnerable prior to version 2026.4.9 due to an environment variable injection flaw that allows malicious workspace .env files to set runtime-control variables. This can alter update sources, gateway URLs, ClawHub resolution, and browser executable paths, potentially changing applicati...

8.8CVSS5.8AI score0.00203EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/05/05 11:25 a.m.36 views

CVE-2026-43531 OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File

OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...

7.3CVSS0.00203EPSS
Exploits0References3
EUVD
EUVD
added 2026/05/05 11:25 a.m.6 views

EUVD-2026-27273

OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...

7.3CVSS5.8AI score0.00203EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.17 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.9 contained security vulnerabilities. These vulnerabilities were caused by environmental variable injection, allowing malicious workarea.env files to set runtime control...

8.8CVSS5.8AI score0.00203EPSS
Exploits0References1
Snyk
Snyk
added 2026/04/17 9:56 p.m.11 views

External Control of System or Configuration Setting

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to External Control of System or Configuration Setting via the loading of workspace .env files. An attacker can manipulate runtime-control variables by crafting a malicious .env file that se...

8.8CVSS5.7AI score0.00203EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/17 9:56 p.m.11 views

OpenClaw: Workspace .env could inject OpenClaw runtime-control variables

Summary Workspace .env could inject OpenClaw runtime-control variables. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.4.9 Impact A malicious workspace .env file could set OpenClaw runtime-control variables affecting update sources, gateway URLs,...

8.8CVSS5.7AI score0.00203EPSS
Exploits0References6Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.9 views

PT-2026-37016

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description An environment variable injection issue exists where malicious workspace .env files can set runtime-control variables. This allows attackers to inject variables that affect update sources, gatewa...

7.3CVSS5.8AI score0.00203EPSS
Exploits0References7
OPENSUSE Linux
OPENSUSE Linux
added 2021/03/20 12:0 a.m.27 views

Security update for connman (moderate)

openSUSE Security Update: Security update for connman Announcement ID: openSUSE-SU-2021:0452-1 Rating: moderate References: 1181751 Cross-References: CVE-2021-26675 CVE-2021-26676 CVSS scores: CVE-2021-26675 NVD : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-26676 NVD : 6.5...

8.8CVSS8.4AI score0.01301EPSS
Exploits0References1
CNVD
CNVD
added 2018/05/28 12:0 a.m.2 views

SAP Internet Transaction Server Cross-Site Scripting Vulnerability

SAP Internet Transaction Server ITS is an Internet-based transaction service program. A cross-site scripting vulnerability exists in SAP ITS version 6200.X.X. A remote attacker can inject arbitrary Web script or HTML with the help of wgate URIs. A remote attacker can exploit this vulnerability to...

6.1CVSS5.9AI score0.08305EPSS
Exploits4References1
Rows per page
Query Builder