# CVE-2026-41369

> Vulnerability · severity: **MEDIUM** (CVSS 6.5).

## Description

OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system configurations and compromise host execution integrity.
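
An added example (not OpenClaw's code or its fix) of filtering the environment handed to a host exec call, covering the five override classes named above. The variable lists, `SAFE_BASE`, and the function names are assumptions chosen for illustration, and the sample request is constructed.

```python
import fnmatch

# Assumed lists of well-known override variables, grouped by the classes the
# description names. This is not OpenClaw's actual filter list.
OVERRIDE_PATTERNS = {
    "package":  ["NODE_OPTIONS", "NODE_PATH", "PYTHONPATH", "GOFLAGS"],
    "registry": ["NPM_CONFIG_REGISTRY", "PIP_INDEX_URL", "PIP_EXTRA_INDEX_URL", "GOPROXY"],
    "docker":   ["DOCKER_*"],
    "compiler": ["CC", "CXX", "CFLAGS", "CXXFLAGS", "LDFLAGS", "RUSTC_WRAPPER"],
    "tls":      ["SSL_CERT_FILE", "SSL_CERT_DIR", "NODE_EXTRA_CA_CERTS", "CURL_CA_BUNDLE",
                 "NODE_TLS_REJECT_UNAUTHORIZED", "REQUESTS_CA_BUNDLE", "GIT_SSL_NO_VERIFY"],
}
# Assumed minimal set inherited from the host process; nothing else is passed on.
SAFE_BASE = {"PATH", "HOME", "LANG", "TZ", "TERM"}

def classify(name):
    """Return the override class a variable name falls in, or None."""
    upper = name.upper()  # npm reads npm_config_* in lower case; Windows ignores case
    for category, patterns in OVERRIDE_PATTERNS.items():
        if any(fnmatch.fnmatchcase(upper, p) for p in patterns):
            return category
    return None

def sanitize_exec_env(requested, base):
    """Build a child environment from caller-requested variables.

    Returns (env, rejected); rejected maps each dropped name to the reason,
    so the refusal can be logged instead of silently ignored.
    """
    env = {k: v for k, v in base.items() if k in SAFE_BASE}
    rejected = {}
    for name, value in requested.items():
        category = classify(name)
        if category is not None:
            rejected[name] = category
        elif name.upper() in SAFE_BASE:
            rejected[name] = "base"  # callers may not replace PATH, HOME, ...
        else:
            env[name] = value
    return env, rejected

if __name__ == "__main__":
    # Constructed request; hosts and paths are placeholders.
    request = {"npm_config_registry": "http://registry.invalid", "BUILD_ID": "42",
               "DOCKER_HOST": "tcp://docker.invalid:2375", "CC": "/tmp/cc"}
    env, rejected = sanitize_exec_env(request, {"PATH": "/usr/bin", "GOPROXY": "x"})
    print(env)       # pass as env= to subprocess.run
    print(rejected)  # log these
```

A denylist of this kind is inherently incomplete; where the workload allows it, accept only an explicit allowlist of caller-supplied names.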

## Key facts

- **CVE ID:** CVE-2026-41369
- **Published:** 2026-04-28
- **CVSS severity:** MEDIUM
- **CVSS base score:** 6.5
- **CWE codes:** CWE-668

## Affected products

- `openclaw:openclaw`

## Primary sources

- NIST NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-41369

## Citation

> AI Analytics. CVE-2026-41369. Retrieved 2026-06-27 from https://api.ai-analytics.org/cve/CVE-2026-41369. Derived from NIST NVD. Licensed CC0.
