CVE-2026-41387 | OpenClaw up to 2026.3.21 Environment Variable host-env-security-policy.json permissive list of allowed inputs (GHSA-j7p2-qcwm-94v4)
A vulnerability classified as problematic has been detected in OpenClaw up to 2026.3.21. It affects unknown code in the file host-env-security-policy.json of the component Environment Variable Handler. Manipulation leads to a permissive list of allowed inputs.
This vulnerability is tracked as CVE-2026-41387. The attack requires local access. No exploit is available.
You should upgrade the affected component.