Security Advisory – 21 Apr 2026

Security fixes and advisories that landed overnight. One advisory is included in this update. The item below covers an OpenClaw issue that affects startup configuration handling. Updated 21 Apr 2026 00:16 GMT.

Top items

NIST

CVE-2026-41294

OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration. That lets an attacker place a malicious .env file in a repository or workspace and override runtime configuration and security-sensitive environment settings during startup.

  • Published: 21 Apr 2026 00:16 GMT
  • CVEs: CVE-2026-41294
  • Notes: environment variable injection

Related posts

n8n | n8n@2.28.7

n8n 2 28 7: pins langgraph and langgraph checkpoint to fix broken npm installs, low risk bug fix, upgrade recommended for npm and CI users

Agentic AI still needs domain judgement

Agentic AI can write the thing, but it still cannot tell you whether the thing is right. That is where domain expertise matters, because a clean config or neat bit of glue logic can still be wrong in...

Weekly Tech Digest | 06 Jul 2026

Stay updated with the latest in tech! This digest covers AI ethics, auto industry shifts, and the impact of politics on technology, exploring today's pressing issues.