Lucene search
K

6 matches found

Snyk
Snyk
added 2026/06/18 1:2 p.m.4 views

Incomplete List of Disallowed Inputs

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs via insufficient sanitization of environment variables in the process. An attacker can influence the behavior of a Node.js child process or alter...

8.1CVSS5.9AI score0.00246EPSS
Exploits0References2
NVD
NVD
added 2026/04/23 10:16 p.m.5 views

CVE-2026-41357

OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...

3.3CVSS0.00152EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/23 9:58 p.m.2 views

CVE-2026-41357 OpenClaw < 2026.3.31 - Unsanitized Environment Variable Leakage in SSH Sandbox Backends

OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leveraging non-default SSH environment forwarding configurations to leak sensitive environment variabl...

3.3CVSS5.2AI score0.00152EPSS
Exploits0References3
OSV
OSV
added 2026/04/02 9:1 p.m.3 views

GHSA-J9PV-RRCJ-6PFX OpenClaw: SSH-based sandbox backends pass unsanitized process.env to child processes

Summary SSH-based sandbox backends pass unsanitized process.env to child processes Current Maintainer Triage - Status: narrow - Normalized severity: low - Assessment: Shipped SSH sandbox paths leaked unsanitized env into local SSH child processes, but remote leakage needs non-default SSH env...

5.1CVSS5.9AI score
Exploits0References4
Snyk
Snyk
added 2026/04/02 9:1 p.m.2 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the process.env variable being passed unsanitized to child processes. An attacker can influence the environment of...

5.1CVSS5.9AI score0.00152EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/30 3:2 p.m.1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the enforcer that uses environment variables without sanitation. An attacker can execute arbitrary commands or cause a buffer overflow by supplying crafted input to the affected component. Remediation Upgrade...

9.9CVSS8.3AI score0.0043EPSS
Exploits0References3
Rows per page
Query Builder