OpenClaw (also known as Moltbot or Clawdbot) is a self-hosted personal AI assistant that integrates with various messaging platforms and mobile or desktop operating systems to provide voice and text interactions. The architecture separates the control plane from the assistant, allowing users to host the technology on their own devices while utilizing live canvas rendering.

OpenClaw (formerly Moltbot or Clawdbot)

OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-41329	CRITICAL	9	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 21, 2026
CVE-2026-41303	HIGH	8.7	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 21, 2026
CVE-2026-41331	MEDIUM	6.9	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 21, 2026
CVE-2026-41302	MEDIUM	4.8	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 21, 2026
CVE-2026-41330	LOW	2	OpenClaw (formerly Moltbot or Clawdbot)	openclaw	No	Yes	Apr 21, 2026

CVE-2026-41330:
OpenClaw (formerly Moltbot or Clawdbot) vulnerability analysis and mitigation

2

Related OpenClaw (formerly Moltbot or Clawdbot) vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2026-41330: OpenClaw (formerly Moltbot or Clawdbot) vulnerability analysis and mitigation