Tag
OpenClaw versions prior to 2026.6.6 contain an environment variable filtering vulnerability in its host exec component that fails to properly sanitize rustup startup variables, allowing attackers with lower-trust caller access or configured input paths to execute or persist actions beyond their intended authorization level.