CVE-2026-42427 - OpenClaw < 2026.4.8 - Remote Code Execution via Build Tool Environment Variable Injection
CVE ID :CVE-2026-42427 Published : April 28, 2026, 6:10 p.m. | 1 hour, 12 minutes ago Description :OpenClaw before 2026.4.8 contains a remote code execution vulnerability caused by missing environment variable denylist entries for HGRCPATH, CARGO_BUILD_RUSTC_WRAPPER, RUSTC_WRAPPER, and MAKEFLA
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] Broken VECT 2.0 ransomware acts as a data wiper for large files
- [CYBER] 'They can’t block the sky': Inside an ingenious satellite TV hack bypassing Iran’s internet blackout — when the web goes dark, activists are smuggling gigabytes of data through ordinary television signals to keep the Iranian people connected to the world
- [CYBER] Hackers are exploiting a critical LiteLLM pre-auth SQLi flaw
- [CYBER] The Return of the Security Brain: How LLMs Are Reshaping the Way We Practice Security
- [CYBER] Tips for passing CKAD exam at 1st attempt (2026 Edition)
- [CYBER] Built a simple security audit process for small businesses. Would appreciate feedback from security professionals