PT-2026-34763 · Openclaw · Openclaw
Nicky · Published 2026-03-31 · Updated 2026-04-25
CVE-2026-41332
CVSS v3.1: 5.3 (Medium)
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.28
Description
An environment variable sanitization issue exists where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not included in the host-env blocklist. This allows attackers to use approved exec requests to redirect git or AWS CLI behavior via attacker-controlled configuration files, leading to the execution of untrusted code or the loading of malicious credentials.
Recommendations
Update to version 2026.3.28.
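The blocklist gap described above, as an added example that is not OpenClaw's code: a filter for environment overrides on an exec request, run against a blocklist without and with the two variables, next to a deny-by-default allowlist filter, which addresses the weakness the page names (Incomplete List of Disallowed Inputs). All identifiers, list contents and sample values are constructed assumptions.

```javascript
// Added illustration; not OpenClaw source. Every identifier here is hypothetical.

// Constructed stand-in for a pre-fix host-env blocklist: it omits the two
// variables named in the advisory.
const BLOCKLIST_BEFORE = new Set(["LD_PRELOAD", "NODE_OPTIONS", "GIT_SSH_COMMAND"]);

// The same list with the advisory's two variables added.
const BLOCKLIST_AFTER = new Set([...BLOCKLIST_BEFORE, "GIT_TEMPLATE_DIR", "AWS_CONFIG_FILE"]);

// Constructed allowlist: the only names a request may set on the child process.
const ALLOWLIST = new Set(["LANG", "TZ", "CI"]);

// Compare names case-insensitively so a differently cased spelling cannot slip
// past the list on platforms where variable names are case-insensitive.
const canon = (name) => String(name).trim().toUpperCase();

// Deny-by-list: keep every requested variable that is not on the blocklist.
function filterByBlocklist(requested, blocklist) {
  const env = {}, dropped = [];
  for (const [name, value] of Object.entries(requested)) {
    if (blocklist.has(canon(name))) dropped.push(name);
    else env[name] = String(value);
  }
  return { env, dropped };
}

// Deny-by-default: keep only requested variables that are on the allowlist.
function filterByAllowlist(requested, allowlist) {
  const env = {}, dropped = [];
  for (const [name, value] of Object.entries(requested)) {
    if (allowlist.has(canon(name))) env[name] = String(value);
    else dropped.push(name);
  }
  return { env, dropped };
}

// Constructed env overrides attached to an exec request (values are placeholders).
const SAMPLE_REQUEST = {
  LANG: "C.UTF-8",
  GIT_TEMPLATE_DIR: "/tmp/example/templates",
  AWS_CONFIG_FILE: "/tmp/example/aws-config",
  NODE_OPTIONS: "placeholder",
};
```

With `BLOCKLIST_BEFORE` the two advisory variables reach the child environment; with `BLOCKLIST_AFTER` they are dropped, but any name not yet on the list still passes, which only the allowlist filter prevents.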
Fix
Incomplete List of Disallowed Inputs
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw