Environment Variable Override Vulnerability in OpenClaw by OpenClaw
CVE-2026-41330
2 LOW
What is CVE-2026-41330?
OpenClaw versions prior to 2026.3.31 contain a serious vulnerability: attackers can override environment variables to circumvent the security controls tied to proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement. By overriding these variables, malicious actors can gain unauthorized access and control, bypassing the protections designed to safeguard the system. Organizations using affected versions should upgrade immediately to mitigate risks.
Affected Version(s)
OpenClaw 0 < 2026.3.31
OpenClaw 2026.3.31
