A vulnerability, which was classified as problematic , has been found in OpenClaw up to 2026.3.30 . This issue affects some unknown processing of the component Environment Variable Handler . The manipulation of the argument OPENCLAW_BUNDLED_HOOKS_DIR leads to inclusion of functionality from untrusted control sphere. This vulnerability is uniquely identified as CVE-2026-41336 . Local access is required to approach this attack. No exploit exists. It is advisable to upgrade the affected component.