Docker CVE-2026-41330

LOW

Insecure Default Variable Initialization (CWE-453)

2026-04-21 [email protected]

2.0

CVSS 4.0

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Analysis Generated

Apr 21, 2026 - 00:40 vuln.today

DescriptionNVD

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.

AnalysisAI

OpenClaw before version 2026.3.31 fails to sanitize environment variables in its host exec policy, allowing authenticated local attackers to override proxy, TLS, Docker, and Git TLS security controls. An attacker with local access and limited privileges can bypass intended security restrictions by injecting malicious environment variables, potentially disabling certificate verification or redirecting traffic through unauthorized proxies. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-41330 vulnerability details – vuln.today

Back