Severity: Critical
CVSS Score: 9.7
## Summary

Sanitization of host exec environment-variable overrides did not fail closed: several package-manager and related redirect variables, which can steer dependency fetches or process startup behavior, were passed through to the executed process instead of being rejected.

## Impact

An approved exec request could silently redirect package resolution or runtime bootstrap to attacker-controlled infrastructure and execute trojanized content.

## Affected Component

- `src/infra/host-env-security-policy.json`
- `src/infra/host-env-security.ts`

## Fixed Versions

- Affected: `< 2026.3.22`
- Patched: `>= 2026.3.22`

## Fix

Fixed by commit `7abfff756d` (`Exec: harden host env override handling across gateway and node`).
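The following is an added illustration of the bug class the advisory describes; it is not code from the project or from the fixing commit. It contrasts a sanitizer that only deny-lists known names and passes everything else through (fails open) with one that rejects any override not on an explicit allow-list (fails closed). The variable names, the allow-list and the sample request are assumptions constructed for the example, chosen because tools such as npm, pip, Go and the Node runtime read them to decide where to fetch dependencies from or what to load at startup.

```typescript
// Added illustration, not the project's code. Variable names, allow-list and
// sample request are assumptions constructed for this example.

export type EnvOverrides = Record<string, string>;
export interface SanitizeResult {
  allowed: EnvOverrides;
  rejected: { name: string; reason: string }[];
}

// Names that redirect dependency fetches or alter process startup.
const DENY_EXACT = new Set([
  "NODE_OPTIONS", "NPM_CONFIG_REGISTRY", "YARN_REGISTRY", "PIP_INDEX_URL",
  "PIP_EXTRA_INDEX_URL", "GOPROXY", "GOFLAGS", "LD_PRELOAD", "LD_LIBRARY_PATH",
]);
// Whole configuration namespaces; catches variants an exact list would miss.
const DENY_PREFIX = ["NPM_CONFIG_", "YARN_", "PIP_", "BUNDLE_", "CARGO_", "LD_"];
// The only names a request may set; anything not listed is rejected.
const ALLOW_EXACT = new Set(["TZ", "LANG", "LC_ALL", "TERM", "COLUMNS"]);

// npm reads its config variables case-insensitively, so matching must be done
// on an upper-cased name or `npm_config_registry` slips past the policy.
function canonical(name: string): string {
  return name.toUpperCase();
}

export function denyReason(name: string): string | null {
  const n = canonical(name);
  if (!/^[A-Z_][A-Z0-9_]*$/.test(n)) return "malformed variable name";
  if (DENY_EXACT.has(n)) return "redirects dependency fetch or startup";
  const prefix = DENY_PREFIX.find((p) => n.startsWith(p));
  if (prefix) return `denied namespace ${prefix}*`;
  return null;
}

// Fail-open variant (the bug class): a deny-list alone, exact-case only.
// Any name it does not recognise reaches the child process.
export function sanitizeFailOpen(overrides: EnvOverrides): SanitizeResult {
  const allowed: EnvOverrides = {};
  const rejected: SanitizeResult["rejected"] = [];
  for (const [name, value] of Object.entries(overrides)) {
    if (DENY_EXACT.has(name)) rejected.push({ name, reason: "denied" });
    else allowed[name] = value;
  }
  return { allowed, rejected };
}

// Fail-closed variant: deny-list first, then an explicit allow-list; every
// other name is rejected, so a missing deny entry cannot become a bypass.
export function sanitizeFailClosed(overrides: EnvOverrides): SanitizeResult {
  const allowed: EnvOverrides = {};
  const rejected: SanitizeResult["rejected"] = [];
  for (const [name, value] of Object.entries(overrides)) {
    const reason = denyReason(name);
    if (reason) { rejected.push({ name, reason }); continue; }
    if (!ALLOW_EXACT.has(canonical(name))) {
      rejected.push({ name, reason: "not on allow-list" });
      continue;
    }
    if (/[\0\n\r]/.test(value)) {
      rejected.push({ name, reason: "control characters in value" });
      continue;
    }
    allowed[name] = value;
  }
  return { allowed, rejected };
}

// Constructed sample request: one benign override and three that would steer
// package resolution or runtime bootstrap to a host the requester controls.
export const SAMPLE_REQUEST: EnvOverrides = {
  TZ: "UTC",
  npm_config_registry: "http://registry.attacker.example/",
  PIP_INDEX_URL: "http://pypi.attacker.example/simple/",
  NODE_OPTIONS: "--require ./hook.js",
};

// Stand-alone run: the fail-open sanitizer lets the lower-cased npm variable
// through; the fail-closed one keeps only TZ.
console.log(sanitizeFailOpen(SAMPLE_REQUEST));
console.log(sanitizeFailClosed(SAMPLE_REQUEST));
```

The check worth carrying into a real policy is the last one: with an allow-list, adding a new package manager to the host does not open a hole until someone deliberately allows its variables, whereas a deny-list silently fails open the day a new tool or a differently cased variant appears.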