CVE-2026-41396 | OpenClaw up to 2026.3.30 Environment Variable OPENCLAW_BUNDLED_PLUGINS_DIR inclusion of functionality from untrusted control sphere (GHSA-qcj9-wwgw-6gm8)

SecurityVulns

A vulnerability classified as problematic has been found in OpenClaw up to 2026.3.30. The affected element is an unknown function of the Environment Variable Handler component. Manipulating the argument OPENCLAW_BUNDLED_PLUGINS_DIR results in inclusion of functionality from an untrusted control sphere.

This vulnerability is tracked as CVE-2026-41396. The attack requires local access. No exploit is available.

The affected component should be upgraded.