CVE-2026-42427 | OpenClaw up to 2026.4.7 Environment Variable incomplete blacklist (GHSA-7437-7hg8-frrw)
A vulnerability categorized as critical has been discovered in OpenClaw up to 2026.4.7. It affects an unknown function of the component Environment Variable Handler. Manipulating the argument HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER or MAKEFLAGS leads to an incomplete blacklist issue.
This vulnerability is tracked as CVE-2026-42427. The attack must be carried out locally. No exploit is available.
It is advisable to upgrade the affected component.