CVE-2026-41915 | OpenClaw up to 2026.4.7 Environment Variable GIT_DIR incomplete blacklist (GHSA-cm8v-2vh9-cxf3)

A vulnerability, which was classified as critical, was found in OpenClaw up to 2026.4.7. The impacted element is an unknown function of the component Environment Variable Handler. Such manipulation of the argument GIT_DIR leads to incomplete blacklist.

This vulnerability is documented as CVE-2026-41915. The attack needs to be performed locally. There is not any exploit available.

You should upgrade the affected component.VulDB Recent EntriesRead More