PT-2026-35797 · Openclaw · Openclaw
Boyhack · Published 2026-04-28 · Updated 2026-04-28
CVE-2026-41915
CVSS v3.1: 5.3 Medium (AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N)
OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GIT_DIR and related variables to redirect git operations and compromise repository integrity.
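The gap described above, shown as a name-by-name denylist beside a prefix filter with an explicit allowlist. This is an added example, not OpenClaw's code or its actual fix. The function names, the allowlist contents and the sample environment are assumptions.

```javascript
// Added example, not OpenClaw code. Names are documented git environment
// variables; the allowlist contents are an assumption to tune per deployment.

// Weak form: a denylist of the names someone remembered (CWE-184).
const DENYLIST = new Set(["GIT_DIR", "GIT_WORK_TREE", "GIT_INDEX_FILE"]);
function denylistEnv(env) {
  return Object.fromEntries(
    Object.entries(env).filter(([name]) => !DENYLIST.has(name)));
}

// Hardened form: drop every GIT_* variable unless it is explicitly allowed.
const ALLOWED_GIT_VARS = new Set([
  "GIT_TERMINAL_PROMPT",
  "GIT_AUTHOR_NAME", "GIT_AUTHOR_EMAIL",
  "GIT_COMMITTER_NAME", "GIT_COMMITTER_EMAIL",
]);

// Windows treats variable names case-insensitively, so "git_dir" must be
// caught there as well.
function sanitizeGitEnv(env, caseInsensitive = process.platform === "win32") {
  const clean = {};
  const removed = [];
  for (const [name, value] of Object.entries(env)) {
    if (value === undefined) continue;
    const key = caseInsensitive ? name.toUpperCase() : name;
    if (key.startsWith("GIT_") && !ALLOWED_GIT_VARS.has(key)) {
      removed.push(name); // keep the names for logging or alerting
      continue;
    }
    clean[name] = value;
  }
  return { env: clean, removed: removed.sort() };
}

// Constructed sample of an inherited environment.
const SAMPLE_ENV = {
  PATH: "/usr/bin:/bin",
  HOME: "/home/agent",
  GIT_DIR: "/tmp/other/.git",
  GIT_WORK_TREE: "/tmp/other",
  GIT_COMMON_DIR: "/tmp/other/.git",
  GIT_OBJECT_DIRECTORY: "/tmp/other/objects",
  GIT_TERMINAL_PROMPT: "0",
};

console.log(Object.keys(denylistEnv(SAMPLE_ENV))); // denylist result still holds GIT_* names
console.log(sanitizeGitEnv(SAMPLE_ENV).removed);   // names dropped by the prefix filter
// Pass the result as the child's environment, for example:
// spawn("git", args, { env: sanitizeGitEnv(process.env).env })
```

The `removed` list is worth logging: an unexpected `GIT_*` variable in a process that is about to run git is a useful detection signal.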
Fix
Incomplete List of Disallowed Inputs
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw