A vulnerability labeled as problematic has been found in OpenClaw up to 2026.3.30 . The impacted element is an unknown function of the component Environment Variable Handler . The manipulation of the argument OPENCLAW_BUNDLED_PLUGINS_DIR results in inclusion of functionality from untrusted control sphere. This vulnerability was named CVE-2026-41396 . The attack needs to be approached locally. There is no available exploit. The affected component should be upgraded.