Tag
OpenClaw before 2026.3.28 is vulnerable to environment variable injection by loading a .env file from the current working directory before trusted configuration, potentially allowing attackers to override runtime settings.