CVE-2026-41330— OpenClaw 安全漏洞

OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

不安全的缺省变量初始化

OpenClaw 安全漏洞

OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.31之前版本存在安全漏洞，该漏洞源于主机执行策略中的环境变量覆盖问题，可能导致攻击者通过覆盖环境变量来绕过代理设置、TLS验证、Docker限制和Git TLS强制执行等安全控制。

N/A

N/A