CVE-2026-41915
Received Received - Intake
Environment Variable Injection in OpenClaw Git Operations Risks Repository Integrity

Publication date: 2026-04-28

Last updated on: 2026-04-30

Assigner: VulnCheck

Description
OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GIT_DIR and related variables to redirect git operations and compromise repository integrity.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-29
EPSS Evaluated
2026-06-15
NVD
CVE-2026-41915
EUVD
EUVD-2026-26121
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-41915 is a vulnerability in OpenClaw versions before 2026.4.8 where Git plumbing environment variables, such as GIT_DIR, are not removed from the execution environment before running host exec operations.

This allows attackers with limited privileges to set these environment variables and redirect Git operations, potentially compromising the integrity of Git repositories.

The root cause is an incomplete denylist of environment variables, leading to improper neutralization of special elements used in OS commands (CWE-78) and an incomplete list of disallowed inputs (CWE-184).

Impact Analysis

This vulnerability can allow an attacker with limited privileges to manipulate Git operations by injecting or redirecting Git commands through environment variables.

As a result, the integrity of your Git repositories can be compromised, potentially leading to unauthorized changes, code tampering, or disruption of development workflows.

Detection Guidance

Detection of this vulnerability involves checking if the OpenClaw version in use is prior to 2026.4.8, as those versions fail to remove Git plumbing environment variables such as GIT_DIR before executing host commands.

You can inspect the environment variables in the execution context of OpenClaw processes to see if Git-related variables like GIT_DIR are set. For example, running commands to list environment variables for the OpenClaw process or checking the environment before execution may help identify the presence of these variables.

  • Use commands like `ps aux | grep openclaw` to find running OpenClaw processes.
  • Use `cat /proc/<pid>/environ | tr '\0' '\n' | grep GIT_DIR` replacing `<pid>` with the OpenClaw process ID to check if GIT_DIR or related variables are set.
  • Check for environment variables in shell sessions or scripts that launch OpenClaw using `env | grep GIT_DIR` or similar.
Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.4.8 or later, where the vulnerability has been patched by properly removing Git plumbing environment variables from the execution environment before host exec operations.

Until the upgrade can be applied, ensure that environment variables such as GIT_DIR and other Git plumbing variables are not set or passed in the execution environment of OpenClaw processes.

Limit the privileges of users who can execute OpenClaw to reduce the risk of exploitation, as the vulnerability requires limited privileges but not elevated ones.

Review and sanitize any scripts or automation that invoke OpenClaw to ensure they do not propagate unsafe environment variables.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41915. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart