Tag
high
advisory
OpenClaw Insufficient Environment Variable Denylist Vulnerability (CVE-2026-43584)
3 rules 3 TTPs 1 CVEOpenClaw before 2026.4.10 is vulnerable to an insufficient environment variable denylist, allowing attackers to manipulate interpreter startup variables to influence execution behavior or network connectivity.
OpenClaw
vulnerability
environment-variable
code-execution
3r
3t
1c
high
advisory
OpenClaw Incomplete Host Environment Variable Sanitization Vulnerability (CVE-2026-41387)
2 rules 1 TTP 1 CVEOpenClaw before 2026.3.22 is vulnerable to incomplete host environment variable sanitization, allowing attackers to redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content.
OpenClaw
vulnerability
supply-chain
environment-variable
2r
1t
1c
high
advisory
PowerShell Execution via Environment Variables
2 rules 1 TTPAdversaries use PowerShell to execute malicious code stored in environment variables, leveraging Invoke-Expression or its aliases to bypass static analysis and execute payloads dynamically, as seen in malware loaders and stagers like the VIP Keylogger.
Splunk Enterprise +2
powershell
environment-variable
invoke-expression
execution
2r
1t