8 matches found
CVE-2026-41915 OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment
OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GITDIR and related variables to redirect git operations and compromise repository integrity...
PT-2026-35758
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An incomplete host-env-security-policy.json fails to restrict compiler binary environment variables. This allows untrusted models to substitute CC, CXX, CARGO BUILD RUSTC, and CMAKE C COMPILER...
CVE-2026-41330
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...
CVE-2026-41330 OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...
CVE-2026-41330 OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...
CVE-2026-41330
OpenClaw (npm) vulnerable through host exec policy: environment variable overrides allow bypassing proxy, TLS verification, Docker restrictions, and Git TLS enforcement. Affected versions = 2026.3.31.
PT-2026-33872
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...
Command Injection
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via the host-exec process. An attacker can execute arbitrary commands by injecting environment variables that influence interpreters, shells, or build tools. Remediation...