Tag
OpenClaw before version 2026.4.9 is vulnerable to environment variable injection, allowing attackers to use malicious workspace .env files to set runtime-control variables and compromise application behavior affecting update sources, gateway URLs, ClawHub resolution, and browser executable paths.