3 matches found
CVE-2026-41357
OpenClaw is affected by an environment variable leakage in SSH sandbox backends prior to version 2026.3.31. The issue arises when unsanitized process.env is passed to child processes, enabling leakage of sensitive environment variables through non-default SSH environment forwarding configurations...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained security vulnerabilities. These vulnerabilities stemmed from environmental variable leakage in the SSH-based sandbox backend. Uncleanly passed process.env values we...
OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes
Summary SSH-based sandbox backends pass unsanitized process.env to child processes Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped SSH sandbox paths leaked unsanitized env into local SSH child processes, but remote leakage needs non-default SSH env...