
The OpenClaw software has vulnerabilities that allow attackers to inject malicious environment variables and bypass security controls.

Cybersecurity · Technology · Conflict · Apr 21, 2026 · score 0.17 · 2 posts · 0 replies across 1 instances
The thread discusses two vulnerabilities in the OpenClaw software, both related to environment variable injection and improper enforcement of security controls, which could allow attackers to bypass security measures and inject malicious configurations.

Claims

The OpenClaw software has vulnerabilities that allow attackers to inject malicious environment variables and bypass security controls.
Parent: Cybersecurity · Entity: OpenClaw · Impact: negative · Date: Apr 21, 2026 · Target: The OpenClaw software's security measures

Source posts

@[email protected]
🚨 EUVD-2026-23998 📊 Score: 8.5/10 (CVSS v3.1) 📦 Product: OpenClaw, OpenClaw 🏢 Vendor: OpenClaw 📅 Updated: 2026-04-20 📝 OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime co... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-23998 #cybersecurity #infosec #euvd #cve #vulnerability
1 boosts · 0 favs · 0 replies · Apr 21, 2026
@[email protected]
🚨 EUVD-2026-24018 📊 Score: 2.0/10 (CVSS v3.1) 📦 Product: OpenClaw, OpenClaw 🏢 Vendor: OpenClaw 📅 Updated: 2026-04-20 📝 OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variab... 🔗 https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-24018 #cybersecurity #infosec #euvd #cve #vulnerability
1 boosts · 0 favs · 0 replies · Apr 21, 2026