Lucene search
K

8 matches found

Cvelist
Cvelist
added 2026/04/28 6:10 p.m.29 views

CVE-2026-41915 OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment

OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GITDIR and related variables to redirect git operations and compromise repository integrity...

5.8CVSS0.00115EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/28 12:0 a.m.10 views

PT-2026-35758

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An incomplete host-env-security-policy.json fails to restrict compiler binary environment variables. This allows untrusted models to substitute CC, CXX, CARGO BUILD RUSTC, and CMAKE C COMPILER...

6.1CVSS6.2AI score0.0013EPSS
Exploits0References6
NVD
NVD
added 2026/04/21 12:16 a.m.8 views

CVE-2026-41330

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

4.4CVSS0.00124EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/20 11:8 p.m.4 views

CVE-2026-41330 OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

4.4CVSS5.8AI score0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/20 11:8 p.m.30 views

CVE-2026-41330 OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

4.4CVSS0.00124EPSS
Exploits0References3
CVE
CVE
added 2026/04/20 11:8 p.m.9 views

CVE-2026-41330

OpenClaw (npm) vulnerable through host exec policy: environment variable overrides allow bypassing proxy, TLS verification, Docker restrictions, and Git TLS enforcement. Affected versions = 2026.3.31.

4.4CVSS5.8AI score0.00124EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/20 12:0 a.m.18 views

PT-2026-33872

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

4.4CVSS5.8AI score0.00124EPSS
Exploits0References4
Snyk
Snyk
added 2026/04/09 5:37 p.m.4 views

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the host-exec process. An attacker can execute arbitrary commands by injecting environment variables that influence interpreters, shells, or build tools. Remediation...

5.9CVSS6.1AI score
Exploits0References2
Rows per page
Query Builder