CVE-2026-41357

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31

Description SSH-based sandbox backends pass unsanitized process.env to child processes, leading to environment variable leakage. Attackers can leverage non-default SSH environment forwarding configurations to leak sensitive environment variables from parent processes to SSH child processes.

Recommendations Update to version 2026.3.31 or later.