Description
OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run OpenClaw from the directory.
Published: 2026-03-31
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution via untrusted workspace plugins (local attack vector: the victim clones a repository and runs OpenClaw from it)
Action: Immediate Patch
AI Analysis

Impact

OpenClaw automatically loads plugins from the ".OpenClaw/extensions/" directory whenever a workspace is opened, i.e. whenever OpenClaw is run from that directory. This loading occurs without a trust or verification step, so the contents of the cloned repository decide what code runs (CWE-829, inclusion of functionality from an untrusted control sphere). A malicious actor only has to place a crafted plugin in a repository that the victim clones; when the user opens that workspace with OpenClaw, the plugin executes with the user's privileges, giving the attacker arbitrary code execution on the victim's machine and thereby compromising confidentiality, integrity and availability.

Affected Systems

All OpenClaw installations released prior to version 2026.3.12 are vulnerable; the CPE on record is the Node.js distribution (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*). The flaw is present in every build that discovers workspace plugins automatically without trust validation.

Risk and Exploitability

With a CVSS v4.0 score of 8.6 (and a v3.1 score of 8.4 after the vector was corrected from network to local; see History), the vulnerability is categorized as high severity. The EPSS score is below 1% (Very Low), so the observed likelihood of exploitation in the wild is currently low. The vector, however, requires no privileges and no user interaction beyond the victim cloning a repository and running OpenClaw from that directory, so anyone who can influence the contents of a workspace the user will open (a public repository, a fork, a pull request branch, a shared template) can plant the plugin. The flaw is not listed in the CISA KEV catalog, but its potential for arbitrary code execution on developer machines makes it a high-risk issue wherever workspaces from untrusted sources are opened without their plugins being validated.

Generated by OpenCVE AI on March 31, 2026 at 12:25 UTC.

Remediation

No vendor advisory or workaround is linked on this page. The CVE description itself identifies 2026.3.12 as the first version that no longer loads workspace plugins without trust verification.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.12 or newer, where plugin discovery is guarded by a trust verification step.
  • Until the upgrade is in place, treat a .OpenClaw/extensions/ directory in any cloned or otherwise untrusted repository as executable content: review it before running OpenClaw from that directory.

Advisories

No advisories yet.

History

Tue, 31 Mar 2026 18:15:00 +0000

Type: Metrics (cvssV3_1)
Values Removed: {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
Values Added: {'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}


Tue, 31 Mar 2026 11:45:00 +0000

Type: Description
Values Added: OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run OpenClaw from the directory.

Type: Title
Values Added: OpenClaw < 2026.3.12 - Arbitrary Code Execution via Auto-Discovery of Workspace Plugins

Type: First Time appeared
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Added: CWE-829

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Added: Openclaw; Openclaw openclaw

Type: References
Values Added:

Type: Metrics
Values Added:
  cvssV3_1 {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}
  cvssV4_0 {'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-31T17:56:31.370Z

Reserved: 2026-03-16T21:19:31.965Z

Link: CVE-2026-32920

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-03-31T12:16:28.727

Modified: 2026-03-31T18:16:51.350

Link: CVE-2026-32920

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:39:09Z

Weaknesses