{"data":{"id":"0affbf1e-9ad9-49f4-aa2c-b7cf536edd41","title":"GHSA-cm8v-2vh9-cxf3: OpenClaw: GIT_DIR and related git plumbing env vars missing from exec env denylist (GHSA-m866-6qv5-p2fg variant)","summary":"OpenClaw, a local AI assistant tool, had a security flaw in which GIT_DIR and related Git plumbing environment variables (settings that control where and how Git operates) were missing from its exec environment denylist, so they were not removed before host commands were run, potentially allowing attackers to redirect Git operations to malicious locations. This vulnerability affected OpenClaw versions up to 2026.3.30.","solution":"Update OpenClaw to version 2026.4.8 or later, which patches the vulnerability by properly removing Git plumbing environment variables before executing host commands.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-cm8v-2vh9-cxf3","publishedAt":"2026-04-09T20:28:32.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":"low","severity":"low","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":["openclaw@< 2026.4.8 (fixed: 2026.4.8)"],"affectedVendors":[],"affectedVendorsRaw":["OpenClaw"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":true,"disclosureDate":"2026-04-09T20:28:32.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}