Medium severity 4.4 · NVD Advisory · Published Apr 21, 2026 · Updated Apr 27, 2026
CVE-2026-41330
Description
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.3.31 | 2026.3.31 |
References
- github.com/openclaw/openclaw/commit/4d912e04519b4bd53b248437c53748cdebce9a41 (nvd, Patch, WEB)
- github.com/advisories/GHSA-9gp8-hjxr-6f34 (ghsa, ADVISORY)
- github.com/openclaw/openclaw/security/advisories/GHSA-9gp8-hjxr-6f34 (nvd, Vendor Advisory, WEB)
- nvd.nist.gov/vuln/detail/CVE-2026-41330 (ghsa, ADVISORY)
- www.vulncheck.com/advisories/openclaw-environment-variable-override-via-host-exec-policy (nvd, Third Party Advisory, WEB)
- github.com/openclaw/openclaw/releases/tag/v2026.3.31 (ghsa, WEB)