CVE-2026-41384
CWE-15Published: April 28, 2026· Updated: May 1, 2026
Official Description
OpenClaw before 2026.3.24 contains an environment variable injection vulnerability in the CLI backend runner that allows attackers to inject malicious environment variables through workspace configuration. Attackers can craft malicious workspace configs to inject arbitrary environment variables into the backend process spawning, enabling code execution or sensitive data exposure.
Technical Analysis
CVE-2026-41384 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation does not require any privileges, though user interaction (Required) is needed, which slightly reduces the risk of mass automated attacks.
A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.8.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
Official Patches & Advisories
All References (3)
Quick Facts
Related CVEs (CWE-15)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2026-41384 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts