CVE-2026-41330 OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification,...

CVE-2026-41294

OpenClaw is affected by CVE-2026-41294: versions before 2026.3.28 load the current working directory’s .env file during startup before trusted state-dir configuration, allowing environment variable injection that can override runtime configuration and security-sensitive environment settings. The ...

CVE-2026-41294 OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File

OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment...

CVE-2026-41294 OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File

OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment...

MAL-2026-2948 Malicious code in leavemealone (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...

Malicious code in leavemealone (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...

GHSA-W9R4-94FJ-XP69 Apache Airflow Exposes Secrets in Variables Saved as JSON Dictionaries

Secrets in Variables saved as JSON dictionaries were not properly redacted - in case the variables were retrieved by the user the secrets stored as nested fields were not masked. If developers do not store variables with sensitive values in JSON form, their projects are not affected. Otherwise...

CVE-2026-32690

CVE-2026-32690 affects Apache Airflow 3.x before 3.2.0. The issue is that secrets stored in Variables as JSON dictionaries were not properly redacted; nested secret fields could be exposed when variables are retrieved. Affected patterns involve storing sensitive values in JSON form, and the root ...

Command Injection

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Command Injection via improper handling of environment variable assignments in argv forms during shell-wrapper detection. An attacker can execute arbitrary commands by injecting specially...

GHSA-J6C7-3H5X-99G9 OpenClaw: Shell-wrapper detection missed env-argv assignment injection forms

Summary Shell-wrapper detection missed env-argv assignment injection forms. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.2.22 = 2026.4.12 Impact Exec preflight handling missed shell-wrapper and argv-level environment assignment forms that could...

CVE-2026-40285

WeGIA web manager versions before 3.6.10 are affected by a SQL injection in dao/memorando/UsuarioDAO.php. The flaw stems from the cpf_usuario POST parameter being used to overwrite the session-stored user identity via extract($_REQUEST) in DespachoControle::verificarDespacho(), with the attacker-...

CVE-2026-6434

A flaw was found in rust-coreutils. The uusort utility creates temporary files with insecure permissions readable and writable by all local users when performing external sorting. Additionally, these temporary files are not reliably removed if the uusort program terminates unexpectedly due to...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007246)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007246 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to histvars if they have referenced variables Hist triggers ca...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007299)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007299 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the priv-statelock, a...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007305)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007305 advisory. In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc in zynqclksetup...

PT-2026-37016

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description An environment variable injection issue exists where malicious workspace .env files can set runtime-control variables. This allows attackers to inject variables that affect update sources, gatewa...

Flowise: Parameter Override Bypass Remote Command Execution

Summary Flowise is vulnerable to a critical unauthenticated remote command execution RCE vulnerability. It can be exploited via a parameter override bypass using the FILE-STORAGE:: keyword combined with a NODEOPTIONS environment variable injection. This allows for the execution of arbitrary syste...

Flowise: Weak Default Token Hash Secret

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | packages/server/src/enterprise/utils/tempTokenUtils.ts:31-34 | | Practical Exploitability | Medium | | Developer Approver | [email protected] | Description The encryption key for token encryption has a weak...

GHSA-M7MQ-85XJ-9X33 Flowise: Weak Default Token Hash Secret

Detection Method: Kolega.dev Deep Code Scan | Attribute | Value | |---|---| | Location | packages/server/src/enterprise/utils/tempTokenUtils.ts:31-34 | | Practical Exploitability | Medium | | Developer Approver | [email protected] | Description The encryption key for token encryption has a weak...

GHSA-MJ7R-X3H3-7RMR ApostropheCMS: User Enumeration via Timing Side Channel in Password Reset Endpoint

Summary The password reset endpoint /api/v1/@apostrophecms/login/reset-request exhibits a measurable timing side channel that allows unauthenticated attackers to enumerate valid usernames and email addresses. When a user is not found, the handler returns after a fixed 2-second artificial delay, b...