Medium severity (CVSS 6.5) · NVD Advisory · Published Apr 28, 2026 · Updated Apr 28, 2026
CVE-2026-41369
Description
OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system configurations and compromise host execution integrity.
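A defensive illustration of the filtering the description calls for, added here as example code rather than anything from the OpenClaw project: a deny-list sanitizer applied to caller-supplied environment variables before a host exec. The variable names and prefixes it blocks are this example's own assumptions about the classes the description names (package, registry, Docker, compiler, TLS override), not the list the upstream fix uses.

```python
import re

# Deny-list of variables that can redirect package installs, registries,
# Docker, the compiler toolchain, or TLS trust. These names are assumptions
# made for this example; they are not the list OpenClaw filters.
BLOCKED_EXACT = frozenset({
    "NODE_OPTIONS", "NODE_EXTRA_CA_CERTS",               # Node / npm behaviour
    "GOPROXY", "GOFLAGS", "GOINSECURE",                  # Go module fetching
    "DOCKER_HOST", "DOCKER_CONFIG", "DOCKER_CERT_PATH",  # Docker endpoint/creds
    "CC", "CXX", "LD", "CFLAGS", "CXXFLAGS", "LDFLAGS",   # compiler toolchain
    "LD_PRELOAD", "LD_LIBRARY_PATH", "DYLD_INSERT_LIBRARIES",
    "SSL_CERT_FILE", "SSL_CERT_DIR", "CURL_CA_BUNDLE",   # TLS trust overrides
    "REQUESTS_CA_BUNDLE", "GIT_SSL_NO_VERIFY",
})
# Prefix families: package-manager config (including registry URLs) and Docker.
BLOCKED_PREFIXES = ("NPM_CONFIG_", "YARN_", "PNPM_", "PIP_", "DOCKER_")
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def sanitize_exec_env(requested, base_env):
    """Return (env, dropped): base_env plus the requested variables that pass
    the filter, and the names that were rejected. Matching is case-insensitive
    because npm reads npm_config_* in either case."""
    env = dict(base_env)
    dropped = []
    for name, value in requested.items():
        upper = name.upper()
        if (not NAME_RE.fullmatch(name)            # malformed variable name
                or "\0" in value                   # NUL would truncate the value
                or upper in BLOCKED_EXACT
                or upper.startswith(BLOCKED_PREFIXES)):
            dropped.append(name)
            continue
        env[name] = value
    return env, dropped


if __name__ == "__main__":
    # Constructed request mixing one benign variable with override variables.
    env, dropped = sanitize_exec_env(
        {"APP_MODE": "test", "npm_config_registry": "<untrusted>",
         "DOCKER_HOST": "<untrusted>", "CC": "<untrusted>",
         "SSL_CERT_FILE": "<untrusted>", "NODE_OPTIONS": "<untrusted>"},
        {"PATH": "/usr/bin:/bin"},
    )
    print("kept:", env)
    print("dropped:", dropped)
```

A deny-list is the minimum the description implies; an allow-list of the few variables the child process actually needs is the stronger posture, since new override variables appear faster than any block list is updated.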
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| openclaw (npm) | < 2026.3.31 | 2026.3.31 |
References
- github.com/openclaw/openclaw/commit/eb8de6715f02949c21c4e895fffc8a6dcb00975c (NVD: Patch)
- github.com/advisories/GHSA-cg7q-fg22-4g98 (GHSA: Advisory)
- github.com/openclaw/openclaw/security/advisories/GHSA-cg7q-fg22-4g98 (NVD: Vendor Advisory)
- www.vulncheck.com/advisories/openclaw-insufficient-environment-variable-sanitization-in-host-execution (NVD: Third Party Advisory)
- github.com/openclaw/openclaw/releases/tag/v2026.3.31 (GHSA: Release)