CVE-2026-41384 — HIGH (7.8)

Q: How severe is CVE-2026-41384?

CVE-2026-41384 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-41384?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.

Vulnerability Description

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables into the backend process spawning, enabling code execution or sensitive data exposure.

CVSS Score

7.8

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Openclaw	Openclaw	< 2026.3.24

Related Weaknesses (CWE)

CWE-15

References

https://github.com/openclaw/openclaw/commit/c2fb7f1948c3226732a630256b5179a60664Patch
https://github.com/openclaw/openclaw/security/advisories/GHSA-vfw7-6rhc-6xxgVendor Advisory
https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-viaThird Party Advisory

FAQ

What is CVE-2026-41384?

CVE-2026-41384 is a vulnerability with a CVSS score of 7.8 (HIGH). OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configura...

How severe is CVE-2026-41384?

CVE-2026-41384 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-41384?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.