Docker
CVE-2026-41330
LOW
Severity by source
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 1 npm packages depend on openclaw (1 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.3.31.
DescriptionCVE.org
OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.
AnalysisAI
OpenClaw before version 2026.3.31 fails to sanitize environment variables in its host exec policy, allowing authenticated local attackers to override proxy, TLS, Docker, and Git TLS security controls. An attacker with local access and limited privileges can bypass intended security restrictions by injecting malicious environment variables, potentially disabling certificate verification or redirecting traffic through unauthorized proxies. No public exploit code has been identified, and the vulnerability requires process interaction (AT:P) to trigger.
Technical ContextAI
OpenClaw's host exec policy is designed to enforce security controls over external command execution, including proxy configuration, Transport Layer Security (TLS) verification for HTTPS connections, Docker container restrictions, and Git repository TLS enforcement. The vulnerability stems from CWE-453 (Insecure Resource Validation), where environment variables passed to executed processes are not properly validated or sanitized. This allows attackers to override critical security-related environment variables such as HTTP_PROXY, HTTPS_PROXY, NO_PROXY, NODE_TLS_REJECT_UNAUTHORIZED, DOCKER_HOST, and GIT_SSL_NO_VERIFY. The vulnerability affects OpenClaw versions prior to 2026.3.31, as identified by CPE references to the product.
RemediationAI
Upgrade OpenClaw to version 2026.3.31 or later, which includes fixes to properly sanitize and validate environment variables in the host exec policy. This patch ensures that proxy, TLS, Docker, and Git TLS controls cannot be bypassed via environment variable injection. If immediate upgrading is not feasible, restrict local access to OpenClaw to trusted users only and implement file system monitoring on configuration and process-related directories to detect unauthorized environment variable modifications. Additionally, apply strict access controls on accounts with OpenClaw privileges (PR:L users) and consider disabling or restricting the host exec policy feature if not required for operational use. Refer to the GitHub security advisory (GHSA-9gp8-hjxr-6f34) and VulnCheck advisory for detailed patch notes and deployment guidance.
An issue was discovered in Appsmith before 1.52. Rated critical severity (CVSS 9.8), this vulnerability is remotely expl
runc through version 1.0-rc6 (used in Docker before 18.09.2) contains a container escape vulnerability that allows attac
Netmaker makes networks with WireGuard. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
Unauthenticated remote code execution in Marimo ≤0.20.4 allows attackers to execute arbitrary system commands via the `/
The News & Blog Designer Pack - WordPress Blog Plugin - (Blog Post Grid, Blog Post Slider, Blog Post Carousel, Blog Post
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build
Remote code execution in NocoBase Workflow Script Node (npm @nocobase/plugin-workflow-javascript) allows authenticated l
Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-c
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.2.169 and Application prior to version 2
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution du
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Rated critical seve
Unauthenticated remote code execution in 9router (npm package) versions 0.4.30 through 0.4.36 allows network-adjacent at
Same weakness CWE-453 – Insecure Default Variable Initialization
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today