CVE-2026-41915 OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment

OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GITDIR and related variables to redirect git operations and compromise repository integrity...

CVE-2026-41915 OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Environment

OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GITDIR and related variables to redirect git operations and compromise repository integrity...

EUVD-2026-26121

OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GITDIR and related variables to redirect git operations and compromise repository integrity...

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.8 contained security vulnerabilities. These vulnerabilities stemmed from the failure to remove git pipeline environment variables from the execution environment before performin...

PT-2026-35797

OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GIT DIR and related variables to redirect git operations and compromise repository integrity...

PT-2025-30953

Name of the Vulnerable Software and Affected Versions: tj-actions/branch-names versions 8.2.1 and below Description: A critical command injection vulnerability exists in the tj-actions/branch-names GitHub Action workflow. This flaw stems from inconsistent input sanitization and unescaped output,...

CVE-2023-6944

A flaw was found in the Red Hat Developer Hub RHDH. The catalog-import function leaks GitLab access tokens on the frontend when the base64 encoded GitLab token includes a newline at the end of the string. The sanitized error can display on the frontend, including the raw access token. Upon gainin...

GHSA-F594-F3V3-G649 pyshop vulnerable to man-in-the-middle attacks due to using HTTP to retrieve packages from the PyPI repository

pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to a download operation...