A vulnerability, which was classified as critical , was found in OpenClaw up to 2026.3.1 . This vulnerability affects unknown code of the component Environment Variable Handler . The manipulation results in server-side request forgery. This vulnerability is identified as CVE-2026-22181 . The attack can be executed remotely. There is not any exploit available. You should upgrade the affected component.