CVE-2026-41391 | OpenClaw up to 2026.3.30 Environment Variable PIP_INDEX_URL/UV_INDEX_URL incomplete blacklist (GHSA-7ggg-pvrf-458v)

A vulnerability described as critical has been identified in OpenClaw up to 2026.3.30. It affects an unknown functionality of the component Environment Variable Handler. Manipulating the argument PIP_INDEX_URL/UV_INDEX_URL leads to an incomplete blacklist.

This vulnerability is listed as CVE-2026-41391. The attack must be carried out locally. There is no available exploit.

Upgrading the affected component is recommended.