CVE-2026-41330 Overview
OpenClaw before version 2026.3.31 contains an environment variable override vulnerability in its host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. This Insecure Default Configuration vulnerability allows attackers with local access to bypass critical security controls by overriding environment variables, effectively circumventing proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.
Critical Impact
Local attackers can bypass security controls including TLS verification and proxy settings by manipulating environment variables in host exec policy, potentially enabling man-in-the-middle attacks and unauthorized access to protected resources.
Affected Products
- OpenClaw versions prior to 2026.3.31
Discovery Timeline
- 2026-04-21 - CVE-2026-41330 published to NVD
- 2026-04-21 - Last updated in NVD database
Technical Details for CVE-2026-41330
Vulnerability Analysis
This vulnerability stems from an insecure default configuration in OpenClaw's host exec policy implementation. The HostEnvSecurityPolicy module fails to include critical Git SSL-related environment variables in its blocklist, allowing local users to override security-sensitive settings. When commands are executed through the host exec functionality, attackers can inject environment variables such as GIT_SSL_NO_VERIFY, GIT_SSL_CAINFO, and GIT_SSL_CAPATH to disable or manipulate TLS certificate verification.
The vulnerability affects the security boundary between user-controlled environment variables and system security controls. By exploiting this weakness, an attacker could potentially disable TLS verification for Git operations, redirect traffic through malicious proxies, or bypass Docker security restrictions—all without requiring elevated privileges.
Root Cause
The root cause lies in incomplete environment variable filtering within the isDangerousHostEnvVarName function in the host-env-security.js module. The original implementation did not account for proxy-style environment overrides, specifically missing critical Git SSL variables from the dangerous variable blocklist. This oversight in the security policy configuration allowed users to inject these variables and bypass intended security controls.
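The gap described above, as an added example that is not OpenClaw's code: an exact-name blocklist applied to caller-supplied overrides, run once with the neighbouring entries this page shows around the fix and once with the three Git SSL names included. The function names, the uppercase normalization and the sample values are assumptions made for illustration.

```javascript
// Added illustration; hypothetical names, not OpenClaw's source.
// Blocklist entries shown on this page next to the fix, without the Git SSL names.
const PRE_PATCH_BLOCKLIST = new Set([
  "GIT_EXEC_PATH", "GIT_SEQUENCE_EDITOR", "GIT_TEMPLATE_DIR",
  "CC", "CXX", "CARGO_BUILD_RUSTC",
]);

// Same list plus the three names the fix adds.
const POST_PATCH_BLOCKLIST = new Set([
  ...PRE_PATCH_BLOCKLIST,
  "GIT_SSL_NO_VERIFY", "GIT_SSL_CAINFO", "GIT_SSL_CAPATH",
]);

// Hypothetical stand-in for an exact-name check.
// Normalizing case is this example's conservative choice (assumption).
function isBlocked(name, blocklist) {
  return blocklist.has(name.toUpperCase());
}

// Merge caller-supplied overrides onto a base environment, dropping blocked names.
function applyOverrides(baseEnv, overrides, blocklist) {
  const env = { ...baseEnv };
  const rejected = [];
  for (const [name, value] of Object.entries(overrides)) {
    if (isBlocked(name, blocklist)) { rejected.push(name); continue; }
    env[name] = String(value);
  }
  return { env, rejected: rejected.sort() };
}

// Constructed sample: overrides passed along with a host exec request.
const SAMPLE_OVERRIDES = {
  GIT_SSL_NO_VERIFY: "1",
  GIT_SSL_CAINFO: "/tmp/ca.pem",
  GIT_TEMPLATE_DIR: "/tmp/tpl",
  LANG: "C.UTF-8",
};
const BASE_ENV = { PATH: "/usr/bin:/bin" };

const before = applyOverrides(BASE_ENV, SAMPLE_OVERRIDES, PRE_PATCH_BLOCKLIST);
const after = applyOverrides(BASE_ENV, SAMPLE_OVERRIDES, POST_PATCH_BLOCKLIST);
console.log("pre-patch env keys: ", Object.keys(before.env).sort().join(","));
console.log("post-patch env keys:", Object.keys(after.env).sort().join(","));
console.log("post-patch rejected:", after.rejected.join(","));
```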
Attack Vector
The attack requires local access to the system. An attacker with low privileges can exploit this vulnerability by setting specific environment variables before executing operations through OpenClaw's host exec policy. The attack complexity is low once local access is obtained, though it requires specific conditions to be exploitable (the vulnerable environment variable handling must be in the execution path).
"GIT_EXEC_PATH",
"GIT_SEQUENCE_EDITOR",
"GIT_TEMPLATE_DIR",
+ "GIT_SSL_NO_VERIFY",
+ "GIT_SSL_CAINFO",
+ "GIT_SSL_CAPATH",
"CC",
"CXX",
"CARGO_BUILD_RUSTC",
Source: GitHub Commit Update
The patch adds GIT_SSL_NO_VERIFY, GIT_SSL_CAINFO, and GIT_SSL_CAPATH to the blocklist of dangerous environment variables, preventing users from overriding these security-critical settings.
Detection Methods for CVE-2026-41330
Indicators of Compromise
- Unexpected values set for GIT_SSL_NO_VERIFY, GIT_SSL_CAINFO, or GIT_SSL_CAPATH environment variables in process contexts
- Log entries showing Git operations with disabled SSL verification
- Anomalous proxy configuration changes in application environment
- Process execution with manipulated environment variables targeting TLS or proxy settings
Detection Strategies
- Monitor process creation events for environment variable manipulation, specifically looking for GIT_SSL_* variables being set
- Implement audit logging for OpenClaw host exec operations to track environment variable inheritance
- Deploy endpoint detection rules to flag attempts to disable TLS verification in Git operations
- Review application logs for unexpected certificate validation failures or proxy routing changes
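One way to implement the GIT_SSL_* check from the list above, as an added example that is not OpenClaw or SentinelOne code: it parses NUL-separated environment blocks (the layout of /proc/<pid>/environ on Linux) and reports the three variables named on this page. The trusted CA prefixes, the severity labels and the sample blocks are assumptions constructed for illustration.

```javascript
// Added illustration; not vendor or project code.
// Assumption: CA locations considered trusted on this host. Adjust per distribution.
const TRUSTED_CA_PREFIXES = ["/etc/ssl/certs", "/etc/pki/tls/certs"];
const WATCHED = /^GIT_SSL_(NO_VERIFY|CAINFO|CAPATH)$/;

// Parse a NUL-separated environment block into a name -> value map.
function parseEnviron(block) {
  const env = new Map();
  for (const entry of block.split("\0")) {
    const eq = entry.indexOf("=");
    if (eq > 0) env.set(entry.slice(0, eq), entry.slice(eq + 1));
  }
  return env;
}

function isTrustedCaPath(p) {
  // A ".." segment could walk out of a trusted prefix, so treat it as untrusted.
  if (p.split("/").includes("..")) return false;
  return TRUSTED_CA_PREFIXES.some((pre) => p === pre || p.startsWith(pre + "/"));
}

// Return one finding per watched variable in a process environment.
function auditProcess(pid, cmd, block) {
  const findings = [];
  for (const [name, value] of parseEnviron(block)) {
    if (!WATCHED.test(name)) continue;
    if (name === "GIT_SSL_NO_VERIFY") {
      // This example flags on presence and does not interpret the value.
      findings.push({ pid, cmd, name, value, severity: "high" });
    } else if (!isTrustedCaPath(value)) {
      findings.push({ pid, cmd, name, value, severity: "medium" });
    }
  }
  return findings;
}

// Constructed samples standing in for captured environment blocks.
const SAMPLES = [
  { pid: 4101, cmd: "git fetch", block: "PATH=/usr/bin\0GIT_SSL_NO_VERIFY=false\0" },
  { pid: 4102, cmd: "git clone", block: "GIT_SSL_CAINFO=/tmp/ca.pem\0HOME=/home/dev\0" },
  { pid: 4103, cmd: "git pull", block: "GIT_SSL_CAPATH=/etc/ssl/certs\0LANG=C\0" },
  { pid: 4104, cmd: "git push", block: "GIT_SSL_CAINFO=/etc/ssl/certs/../../tmp/ca.pem\0" },
];

function auditAll(samples) {
  return samples.flatMap((s) => auditProcess(s.pid, s.cmd, s.block));
}

for (const f of auditAll(SAMPLES)) console.log(JSON.stringify(f));
```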
Monitoring Recommendations
- Enable verbose logging for OpenClaw operations and monitor for security policy bypass attempts
- Configure SentinelOne to detect and alert on suspicious environment variable modifications in process contexts
- Implement network monitoring to detect unencrypted Git traffic that should be using TLS
- Set up alerts for configuration changes to proxy and TLS settings in containerized environments
How to Mitigate CVE-2026-41330
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.31 or later immediately
- Audit existing deployments for any signs of environment variable manipulation
- Review and restrict permissions for users with local access to systems running OpenClaw
- Implement additional monitoring for environment variable changes in production environments
Patch Information
The vulnerability has been addressed in OpenClaw version 2026.3.31. The fix introduces the isDangerousHostEnvOverrideVarName function alongside the existing isDangerousHostEnvVarName check to properly block proxy-style environment overrides. The patch updates both the macOS native security policy (HostEnvSecurityPolicy.generated.swift) and the TypeScript agent skills module (env-overrides.ts).
For detailed patch information, see the GitHub Commit Update and the GitHub Security Advisory.
Workarounds
- If immediate patching is not possible, restrict local access to systems running OpenClaw
- Implement strict environment variable controls at the system level to prevent modification of GIT_SSL_* variables
- Use network-level enforcement of TLS requirements as a compensating control
- Consider running OpenClaw in isolated containers with restricted environment variable inheritance
# Example: Restrict environment variable inheritance in container deployment
docker run --env-file=/path/to/allowed-env-vars.list \
  --read-only \
  --security-opt=no-new-privileges \
  openclaw/openclaw:2026.3.31

