CVE ID :CVE-2026-41294 Published : April 20, 2026, 11:08 p.m. | 1 hour, 7 minutes ago Description :OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment settings during OpenClaw startup. Severity: 8.6 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...