A vulnerability identified as problematic has been detected in OpenClaw up to 2026.3.21 . This vulnerability affects unknown code of the file host-env-security-policy.json of the component Environment Variable Handler . Performing a manipulation results in permissive list of allowed inputs. This vulnerability was named CVE-2026-41387 . The attack needs to be approached locally. There is no available exploit. You should upgrade the affected component.