CVE-2026-43531 OpenClaw < 2026.4.9 - Environment Variable Injection via Workspace .env File

OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the environment variable loading process. An attacker can influence trusted runtime behavior by setting specially crafted OPENCLAW variables in a...

DEBIAN-CVE-2026-4948

A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication,...

Cleartext Storage of Sensitive Information

Overview fuxa-server is a Web-based Process Visualization SCADA/HMI/Dashboard software Affected versions of this package are vulnerable to Cleartext Storage of Sensitive Information via runtime.settings. An attacker can obtain sensitive administrative database credentials and full system...