CVE-2026-41294— OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File

CVSS 8.6 · High EPSS 0.01% · P3 Updated Apr 21, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-41294

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File

Source: NVD (National Vulnerability Database)

Vulnerability Description

OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment settings during OpenClaw startup.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

系统设置或配置在外部可控制

Source: NVD (National Vulnerability Database)

Vulnerability Title

OpenClaw 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.3.28之前版本存在安全漏洞，该漏洞源于加载当前工作目录.env文件早于受信任状态目录配置，可能导致环境变量注入攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
OpenClaw	OpenClaw	0 ~ 2026.3.28	-

II. Public POCs for CVE-2026-41294

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-41294

请登录查看更多情报信息。

https://nvd.nist.gov/vuln/detail/CVE-2026-41294

Same Patch Batch · OpenClaw · 2026-04-20 · 15 CVEs total

CVE-2026-41329	9.9 CRITICAL	OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner
CVE-2026-41303	8.8 HIGH	OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands
CVE-2026-41296	8.2 HIGH	OpenClaw < 2026.3.31 - Sandbox Escape via TOCTOU Race in Remote FS Bridge readFile
CVE-2026-41295	7.8 HIGH	OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Ch
CVE-2026-41297	7.6 HIGH	OpenClaw < 2026.3.31 - Server-Side Request Forgery via Marketplace Plugin Download Redirec
CVE-2026-41302	7.6 HIGH	OpenClaw < 2026.3.31 - Server-Side Request Forgery via Unguarded fetch() in Marketplace Pl
CVE-2026-41299	7.1 HIGH	OpenClaw < 2026.3.28 - Client Identity Spoofing in chat.send Gateway Provenance Guard
CVE-2026-41300	6.5 MEDIUM	OpenClaw < 2026.3.31 - Attacker-Discovered Endpoint Preservation in Remote Onboarding
CVE-2026-41389	5.8 MEDIUM	OpenClaw 2026.4.7 < 2026.4.15 - Arbitrary File Read via Unvalidated Tool-Result Media Path
CVE-2026-40045	5.7 MEDIUM	OpenClaw < 2026.4.2 - Cleartext Credential Transmission via Unencrypted WebSocket Gateway
CVE-2026-41298	5.4 MEDIUM	OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint
CVE-2026-41301	5.3 MEDIUM	OpenClaw 2026.3.22 < 2026.3.31 - Forged Nostr DM Pairing State Creation via Signature Veri
CVE-2026-41331	5.3 MEDIUM	OpenClaw < 2026.3.31 - Resource Consumption via Unauthorized Telegram Audio Preflight Tran
CVE-2026-41330	4.4 MEDIUM	OpenClaw < 2026.3.31 - Environment Variable Override via Host Exec Policy

IV. Related Vulnerabilities

Same product: OpenClaw

Same vendor: OpenClaw

Same weakness: CWE-15

V. Comments for CVE-2026-41294

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-41294— OpenClaw < 2026.3.28 - Environment Variable Injection via CWD .env File

I. Basic Information for CVE-2026-41294

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-41294

III. Intelligence Information for CVE-2026-41294

Same Patch Batch · OpenClaw · 2026-04-20 · 15 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2026-41294

Leave a comment