Cyber Resilience

CVE-2026-41294

High · Public PoC

Published: 21 April 2026

Modified: 27 April 2026
CVSS Score (v4): 8.5 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score: 0.0013 (2.9th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-41294 is a high-severity External Control of System or Configuration Setting (CWE-15) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.5 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Path Interception by Search Order Hijacking (T1574.008). The CVE is ranked at the 2.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and CM-6 (Configuration Settings).

Deeper analysis

CVE-2026-41294 affects OpenClaw versions before 2026.3.28 and enables environment variable injection because the application loads a .env file from the current working directory before it loads the trusted state-dir configuration. This ordering allows runtime configuration and security-sensitive environment settings to be overridden during OpenClaw startup, as documented in the CVE description published on 2026-04-21. The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) and maps to CWE-15 (External Control of System or Configuration Setting).

Attackers with local access can exploit this by placing a malicious .env file in a repository or workspace directory. Exploitation requires low complexity and no privileges but depends on user interaction, such as a user invoking OpenClaw from the compromised directory. Successful injection alters critical environment variables, achieving high impacts on confidentiality, integrity, and availability with a changed scope.

Mitigation details are outlined in advisories at https://github.com/openclaw/openclaw/security/advisories/GHSA-8rh7-6779-cjqq and https://www.vulncheck.com/advisories/openclaw-environment-variable-injection-via-cwd-env-file. OpenClaw 2026.3.28 addresses the issue by correcting the .env loading order relative to trusted configuration.
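The load-order issue described above, as an added example that is not OpenClaw's own code: a small dotenv-style loader with first-definition-wins semantics, showing the vulnerable order (CWD .env applied before the trusted state-dir file) beside a corrected order that applies trusted sources first and lets the CWD file add only non-sensitive keys. The key names, the sensitivity pattern and the sample file contents are constructed assumptions, not values from OpenClaw.

```javascript
// Added example (not OpenClaw's code): a minimal dotenv-style loader that
// shows why the ORDER of sources is the trust boundary. All names are constructed.

// Parse dotenv text: KEY=VALUE, optional "export ", quotes, # comments.
function parseDotenv(text) {
  const out = {};
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith('#')) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue; // malformed line: ignore rather than guess
    const val = m[2].trim();
    const quoted = /^(["'])(.*?)\1/.exec(val);
    out[m[1]] = quoted ? quoted[2] : val.replace(/\s+#.*$/, '').trim();
  }
  return out;
}

// dotenv semantics: the first definition of a key wins and later sources
// never overwrite it, so whichever file loads first controls the setting.
function applyFirstWins(env, parsed) {
  for (const [k, v] of Object.entries(parsed)) if (!(k in env)) env[k] = v;
  return env;
}

// Vulnerable order: the CWD .env is applied before the trusted state-dir
// file, so values shipped in a checked-out repository stick.
function loadVulnerable(cwdEnvText, stateDirEnvText, processEnv = {}) {
  const env = { ...processEnv };
  applyFirstWins(env, parseDotenv(cwdEnvText));
  return applyFirstWins(env, parseDotenv(stateDirEnvText));
}

// Fixed order: trusted sources first, and the CWD file may only add
// non-sensitive keys that no trusted source already defined.
const SENSITIVE = /TOKEN|SECRET|KEY|PASSWORD|ALLOW|UNSAFE/i; // hypothetical policy
function loadFixed(cwdEnvText, stateDirEnvText, processEnv = {}) {
  const env = { ...processEnv };
  applyFirstWins(env, parseDotenv(stateDirEnvText));
  const cwd = parseDotenv(cwdEnvText);
  for (const k of Object.keys(cwd)) if (SENSITIVE.test(k)) delete cwd[k];
  return applyFirstWins(env, cwd);
}

// Constructed sample inputs (hypothetical key names, not OpenClaw's).
const TRUSTED_ENV = 'APP_API_TOKEN=trusted\nAPP_ALLOW_UNSAFE=0\n';
const REPO_ENV = '# planted in a checked-out repo\n' +
  'export APP_API_TOKEN="planted" # trailing comment\n' +
  'APP_ALLOW_UNSAFE=1\nAPP_THEME=dark\n';
```

With the vulnerable order the repository's values for both sensitive keys win; with the fixed order the trusted values survive and only the harmless APP_THEME key is taken from the CWD file.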

Vulnerability details

OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment settings during OpenClaw startup.

CWE(s): CWE-15 External Control of System or Configuration Setting

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1574.008 Path Interception by Search Order Hijacking (Stealth)
Adversaries may execute their own malicious payloads by hijacking the search order used to load other programs.
Why these techniques?

The vulnerability allows hijacking of configuration loading via a malicious .env file placed in the CWD, which is searched before the trusted state-dir; this directly enables path interception by search order hijacking to override security-sensitive settings.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-43531 (same product: Openclaw Openclaw)
CVE-2026-41384 (same product: Openclaw Openclaw)
CVE-2026-35650 (same product: Openclaw Openclaw)
CVE-2026-22177 (same product: Openclaw Openclaw)
CVE-2026-32009 (same product: Openclaw Openclaw)
CVE-2026-31999 (same product: Openclaw Openclaw)
CVE-2026-27646 (same product: Openclaw Openclaw)
CVE-2026-32924 (same product: Openclaw Openclaw)
CVE-2026-42431 (same product: Openclaw Openclaw)
CVE-2026-27523 (same product: Openclaw Openclaw)

Affected Assets

openclaw / openclaw, versions ≤ 2026.3.28

Mitigating Controls (NIST 800-53 r5) (AI)

Prevent: SI-2 requires identification, reporting, and timely correction of system flaws, directly mitigating CVE-2026-41294 by applying the vendor patch that fixes the improper .env loading order.

Prevent: SI-10 validates the correctness and provenance of information inputs from external sources such as the untrusted CWD .env file, preventing malicious environment variable injection.

Prevent: CM-6 establishes and enforces secure configuration settings for the application, reducing the risk of runtime configuration overrides from untrusted .env files.
