CVE-2026-41915 — OpenClaw before 2026.4.8 fails to remove git plumbing environment variables from the execution environment before host exec operations. Attackers can exploit this by setting GIT_DIR and related variab — CVE Database · The Intelligence Room