What is CVE-2026-41369?

CVE-2026-41369 is a medium-severity vulnerability in Openclaw, classified under Exposure of Resource to Wrong Sphere. CVSS score: 6.5/10. Published 2026-04-28.

How severe is CVE-2026-41369?

Medium severity. CVSS v3 base score is 6.5 out of 10.

Vulnerability in Openclaw

CVE-2026-41369

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious…

EPSS: 0.001 (17.2th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N.

Affected products

Openclaw — versions 0, 2026.3.31

Weakness classification (CWE)

CWE-668 — Exposure of Resource to Wrong Sphere

References

GitHub Security Advisory (GHSA-cg7q-fg22-4g98) (vendor-advisory, Vendor Advisory)
Patch Commit (Patch, patch)
VulnCheck Advisory: OpenClaw < 2026.3.31 - Insufficient Environment Variable Sanitization in Host Execution (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-41369?: CVE-2026-41369 is a medium-severity vulnerability in Openclaw, classified under Exposure of Resource to Wrong Sphere. CVSS score: 6.5/10. Published 2026-04-28.
How severe is CVE-2026-41369?: Medium severity. CVSS v3 base score is 6.5 out of 10.