Lucene search
K

5 matches found

EUVD
EUVD
added 2026/06/11 8:10 p.m.9 views

EUVD-2026-36325

OpenClaw before 2026.5.27 contains an arbitrary code execution vulnerability in skill install flows where workspace .env files can override the Homebrew executable selection. Attackers with access to trusted operator workspaces can execute unintended Homebrew-compatible executables during skill...

8.8CVSS6.2AI score0.00298EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/05 11:25 a.m.6 views

EUVD-2026-27273

OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set runtime-control variables. Attackers can inject variables affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths to compromise...

7.3CVSS5.8AI score0.00203EPSS
Exploits0References3
NVD
NVD
added 2026/04/28 7:37 p.m.13 views

CVE-2026-41396

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDPLUGINSDIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory...

8.5CVSS0.00126EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/23 9:57 p.m.35 views

CVE-2026-41336 OpenClaw < 2026.3.31 - Arbitrary Hook Code Execution via OPENCLAW_BUNDLED_HOOKS_DIR Environment Variable Override

OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAWBUNDLEDHOOKSDIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted default-on bundled hooks from untrusted workspaces to execute arbitrary code...

8.5CVSS0.00133EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/17 12:0 a.m.8 views

PT-2026-37016

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.9 Description An environment variable injection issue exists where malicious workspace .env files can set runtime-control variables. This allows attackers to inject variables that affect update sources, gatewa...

7.3CVSS5.8AI score0.00203EPSS
Exploits0References7
Rows per page
Query Builder