What is CVE-2026-41384?

CVE-2026-41384 is a high-severity vulnerability in Openclaw, classified under CWE-15. CVSS score: 7.8/10. Published 2026-04-28.

How severe is CVE-2026-41384?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Openclaw

CVE-2026-41384

OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious wor…

EPSS: 0.000 (3.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Openclaw — versions 0, 2026.3.24

Weakness classification (CWE)

CWE-15

References

GitHub Security Advisory (GHSA-vfw7-6rhc-6xxg) (vendor-advisory, Vendor Advisory)
Patch Commit (Patch, patch)
VulnCheck Advisory: OpenClaw < 2026.3.24 - Environment Variable Injection via Workspace Config in CLI Backend (Third Party Advisory, third-party-advisory)

Frequently asked questions

What is CVE-2026-41384?: CVE-2026-41384 is a high-severity vulnerability in Openclaw, classified under CWE-15. CVSS score: 7.8/10. Published 2026-04-28.
How severe is CVE-2026-41384?: High severity. CVSS v3 base score is 7.8 out of 10.