2 matches found
OpenClaw: Windows-compatible env override keys could bypass system.run approval binding
Summary Before OpenClaw 2026.4.2, system-run approval binding normalized environment override keys differently from host execution. Windows-compatible keys could be omitted from the approval binding while still being injected at execution time. Impact An approved command could run with...
Protection Mechanism Failure
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Protection Mechanism Failure due to inconsistent sanitization of host environment override keys in the host-env-security.ts process. An attacker can bypass environment policy restrictions...