OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attacke…

OpenClaw versions before 2026.3.28 contain a vulnerability where the application loads .env files from the current working directory before loading trusted state-dir configuration. This allows attackers to perform environment variable injection by placing malicious .env files in repositories or workspaces. The vulnerability enables attackers to override runtime configuration and security-sensitive environment settings during OpenClaw startup, potentially compromising the application's security posture.