Tag

Plugin-Injection

1 brief RSS

OpenClaw Plugin Trust Verification Bypass via Environment Variable Override

OpenClaw before 2026.3.31 allows attackers with control over workspace configuration to inject malicious plugins by overriding the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable through workspace .env files, compromising plugin trust verification.

OpenClaw cve-2026-41396 environment-variable-override plugin-injection

2r 1t 1c Jan 3, 2024