Cyber Resilience

CVE-2026-41330

Severity: Low · Public PoC

Published: 21 April 2026
Modified: 27 April 2026
KEV Added: not listed
Patch: (none listed)
CVSS v4.0 base score: 2.0 (Low)
CVSS vector: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0012 (2.5th percentile)
Risk priority: 15 (floored blend · peak EPSS)

Summary

CVE-2026-41330 is a low-severity Insecure Default Variable Initialization (CWE-453) vulnerability in OpenClaw. Its CVSS base score is 2.0 (Low).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify Tools (T1685). The CVE is ranked at the 2.5th percentile by exploit likelihood (below the median), is not currently listed in the CISA KEV catalog, and has a public proof-of-concept referenced.

EU & UK References

Vulnerability details

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.
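The defensive pattern for this class of weakness is to treat the environment handed to a child process as policy, not as caller input: the host pins the variables that carry proxy, CA and Docker endpoint settings, refuses variables whose only purpose is to weaken verification, and records what it dropped so the attempt is visible in logs. The following is an added illustration of that pattern and is not OpenClaw's code; the variable names are the widely used ones honoured by common HTTP clients, Git and the Docker CLI (assumed here, since the page does not list which variables OpenClaw's exec policy handles), and the sample host and caller environments are constructed.

```python
"""Hypothetical hardened host-exec environment policy (added example, not OpenClaw's code)."""
import os
import subprocess
import sys
from typing import Dict, Mapping, Tuple

# Variables the host owns. A caller-supplied value for any of these is dropped
# and the host's value (if set) is used instead, so proxy, CA bundle, Docker
# endpoint and PATH cannot be redirected by the caller. (Assumed list.)
PINNED_BY_HOST = frozenset({
    "PATH",
    "HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY",
    "http_proxy", "https_proxy", "no_proxy",
    "SSL_CERT_FILE", "SSL_CERT_DIR", "CURL_CA_BUNDLE", "REQUESTS_CA_BUNDLE",
    "GIT_SSL_CAINFO", "GIT_SSL_CAPATH",
    "DOCKER_HOST", "DOCKER_TLS_VERIFY", "DOCKER_CERT_PATH", "DOCKER_CONFIG",
})

# Variables that exist only to disable verification, or that let a caller
# inject arbitrary tool configuration or loader behaviour. Never forwarded.
DENIED = frozenset({
    "GIT_SSL_NO_VERIFY",
    "NODE_TLS_REJECT_UNAUTHORIZED",
    "PYTHONHTTPSVERIFY",
})
DENIED_PREFIXES = ("GIT_CONFIG", "LD_", "DYLD_")


class EnvPolicyViolation(ValueError):
    """Raised in strict mode when a caller tries to override a governed variable."""


def classify_caller_env(caller_env: Mapping[str, str]) -> Tuple[Dict[str, str], Dict[str, str]]:
    """Split caller variables into (allowed, dropped).

    Dropped entries are returned so the host can log them: a caller that
    tries to set HTTPS_PROXY or GIT_SSL_NO_VERIFY is a detection signal.
    """
    allowed: Dict[str, str] = {}
    dropped: Dict[str, str] = {}
    for key, value in caller_env.items():
        if key in DENIED or key.startswith(DENIED_PREFIXES) or key in PINNED_BY_HOST:
            dropped[key] = value
        else:
            allowed[key] = value
    return allowed, dropped


def build_child_env(host_env: Mapping[str, str], caller_env: Mapping[str, str],
                    strict: bool = False) -> Dict[str, str]:
    """Compose the child environment: caller variables first, host-pinned values last.

    Applying the host's pinned values after the caller's guarantees they win
    regardless of what the caller passed. In strict mode any override attempt
    aborts the exec instead of being silently dropped.
    """
    allowed, dropped = classify_caller_env(caller_env)
    if strict and dropped:
        raise EnvPolicyViolation(f"caller attempted to override governed variables: {sorted(dropped)}")
    child = dict(allowed)
    for key in PINNED_BY_HOST:
        if key in host_env:
            child[key] = host_env[key]
    return child


def run_tool(argv, caller_env: Mapping[str, str], host_env: Mapping[str, str] = os.environ,
             strict: bool = False) -> subprocess.CompletedProcess:
    """Launch a tool with a policy-filtered environment (never the raw caller env)."""
    env = build_child_env(host_env, caller_env, strict=strict)
    return subprocess.run(argv, env=env, capture_output=True, text=True, check=False)


if __name__ == "__main__":
    # Constructed sample: the host pins a corporate proxy and CA bundle; the
    # caller tries to redirect the proxy and switch off Git TLS verification.
    host = {"PATH": os.environ.get("PATH", "/usr/bin"),
            "HTTPS_PROXY": "http://proxy.corp.example:3128",
            "SSL_CERT_FILE": "/etc/ssl/corp-ca.pem"}
    caller = {"HTTPS_PROXY": "http://localhost:8080",
              "GIT_SSL_NO_VERIFY": "1",
              "DOCKER_HOST": "tcp://localhost:2375",
              "TOOL_COLOR": "1"}
    _, dropped = classify_caller_env(caller)
    print("dropped caller overrides:", sorted(dropped))
    result = run_tool([sys.executable, "-c",
                       "import os; print(os.environ.get('HTTPS_PROXY'), os.environ.get('GIT_SSL_NO_VERIFY'))"],
                      caller, host_env=host)
    print("child saw:", result.stdout.strip())
```

The two design choices that matter are the ordering (host-pinned values are applied after caller values, so precedence is structural rather than a check that can be forgotten) and the fact that `classify_caller_env` returns the dropped keys instead of discarding them, which gives the host something to log and alert on.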

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-mapped)

T1685 · Disable or Modify Tools · Defense Impairment
Adversaries may disable, degrade, or tamper with security tools or applications (e.
Why these techniques?

Env var override directly bypasses proxy/TLS/Docker controls, enabling modification of defensive tool behavior per T1562.001.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

Affected Assets

Vendor: openclaw · Product: openclaw · Versions: ≤ 2026.3.31

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References