← Retour aux CVEs
CVE-2026-41330
MEDIUM4.4
Description
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.
Details CVE
Score CVSS v3.14.4
SeveriteMEDIUM
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie4/21/2026
Derniere modification4/21/2026
Sourcenvd
Observations honeypot0
Faiblesses (CWE)
CWE-453
References
https://github.com/openclaw/openclaw/commit/4d912e04519b4bd53b248437c53748cdebce9a41(disclosure@vulncheck.com)
https://github.com/openclaw/openclaw/security/advisories/GHSA-9gp8-hjxr-6f34(disclosure@vulncheck.com)
https://www.vulncheck.com/advisories/openclaw-environment-variable-override-via-host-exec-policy(disclosure@vulncheck.com)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.