Description
OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code execution before the plugin is explicitly trusted.
Published: 2026-04-20
Score: 8.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Untrusted in‑process code execution via workspace channel shadows
Action: Immediate Patch
AI Analysis

Impact

OpenClaw products prior to version 2026.4.2 contain an improper trust boundary flaw that allows an untrusted workspace channel shadow to be executed during built‑in channel setup and login. An attacker can clone a workspace and include a malicious plug‑in that claims a bundled channel ID, causing the code to run in the process before the plug‑in is explicitly trusted. The impact is that arbitrary code runs with the same privileges as the OpenClaw application, potentially compromising confidentiality, integrity, and availability of the system on which OpenClaw is installed.

Affected Systems

All OpenClaw installations running versions older than 2026.4.2 are vulnerable. The affected product is the OpenClaw application distributed by OpenClaw, available for Node.js environments.

Risk and Exploitability

The CVSS score of 8.5 classifies this flaw as High severity. No EPSS score is available, so the likelihood of exploitation is undetermined, although the vulnerability itself is well documented. It is not listed in the CISA Known Exploited Vulnerabilities catalog. The most likely attack vector is an attacker who can create or clone a workspace and supply a malicious plug‑in that claims a bundled channel ID, forcing that code to execute during built‑in channel setup. A successful exploit gives in‑process code execution before the plug‑in has been explicitly trusted.

Generated by OpenCVE AI on April 21, 2026 at 15:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update OpenClaw to version 2026.4.2 or later
  • If an immediate update is not possible, restrict plug‑in installation to trusted sources and block untrusted workspace channel shadows
  • Monitor for suspicious workspace cloning or plug‑in activity and apply additional logging to detect unauthorized channel setup
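As an added illustration of the second and third recommended actions (this is example code, not OpenClaw's own; the manifest shape, the bundled channel ids, the workspace trust flag and every function name are assumptions), the following Node.js snippet classifies workspace plugin manifests before any of them is loaded. A manifest that claims a bundled channel id from a workspace that has not been explicitly trusted is blocked and written to an audit line, so built-in channel setup and login keep using the bundled implementation; once the workspace is trusted, the same manifest is allowed to shadow the bundled channel.

```javascript
"use strict";
// Added example, not OpenClaw code. The manifest shape ({ name, channelId }),
// the bundled channel ids and the workspaceTrusted flag are assumptions.

// Constructed sample: ids of channels that ship with the application.
const BUNDLED_CHANNEL_IDS = new Set(["builtin-chat", "builtin-mail"]);

// Classify workspace plugin manifests before any plugin module is loaded.
// A manifest that claims a bundled channel id is a "shadow": it would replace
// built-in behaviour during channel setup/login, so it is only allowed once the
// workspace holding it has been explicitly trusted (the CWE-829 trust boundary).
function classifyWorkspacePlugins(manifests, bundledIds, workspaceTrusted) {
  const load = [];
  const blocked = [];
  for (const m of manifests) {
    const shadowsBundled = bundledIds.has(m.channelId);
    if (shadowsBundled && !workspaceTrusted) {
      blocked.push({
        name: m.name,
        channelId: m.channelId,
        reason: "shadows bundled channel in untrusted workspace",
      });
    } else {
      load.push(m);
    }
  }
  return { load, blocked };
}

// Resolve which implementation serves a channel id during setup/login.
// Only plugins that passed classification may shadow a bundled channel;
// otherwise the bundled implementation is used.
function resolveChannel(channelId, bundledIds, allowedPlugins) {
  const shadow = allowedPlugins.find((m) => m.channelId === channelId);
  if (shadow) return { source: "workspace", name: shadow.name };
  if (bundledIds.has(channelId)) return { source: "bundled", name: channelId };
  return null;
}

// One log line per blocked plugin, for the monitoring recommended above.
function auditLines(workspaceId, blocked) {
  return blocked.map(
    (b) =>
      `channel-shadow-blocked workspace=${workspaceId} plugin=${b.name} ` +
      `channel=${b.channelId} reason="${b.reason}"`
  );
}

// Constructed demo workspace: one benign plugin on a new channel id and one
// plugin that claims the id of a bundled channel.
const SAMPLE_MANIFESTS = [
  { name: "weather-bot", channelId: "weather" },
  { name: "chat-override", channelId: "builtin-chat" },
];

// Run the classification for a given trust state and return what happened.
function demo(workspaceTrusted) {
  const { load, blocked } = classifyWorkspacePlugins(
    SAMPLE_MANIFESTS,
    BUNDLED_CHANNEL_IDS,
    workspaceTrusted
  );
  return {
    loaded: load.map((m) => m.name),
    blocked: blocked.map((b) => b.name),
    chat: resolveChannel("builtin-chat", BUNDLED_CHANNEL_IDS, load),
    audit: auditLines("ws-1", blocked),
  };
}

console.log("untrusted workspace:", JSON.stringify(demo(false)));
console.log("trusted workspace:  ", JSON.stringify(demo(true)));
```

The point of the split between classification and resolution is that the decision is taken on manifest metadata alone, before any workspace code is evaluated; the bundled implementation is the default and a workspace shadow has to earn its place through an explicit trust decision rather than by merely claiming the id.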



Advisories
Source: Github GHSA
ID: GHSA-2qrv-rc5x-2g2h
Title: OpenClaw: Untrusted workspace channel shadows could execute during built-in channel setup
History

Tue, 21 Apr 2026 14:15:00 +0000

Type: Metrics
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Mon, 20 Apr 2026 23:30:00 +0000

Type: Description
Values Added: OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code execution before the plugin is explicitly trusted.

Type: Title
Values Added: OpenClaw < 2026.4.2 - Untrusted Workspace Channel Shadow Code Execution during Built-in Channel Setup

Type: First Time appeared
Values Added: Openclaw; Openclaw openclaw

Type: Weaknesses
Values Added: CWE-829

Type: CPEs
Values Added: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*

Type: Vendors & Products
Values Added: Openclaw; Openclaw openclaw

Type: References

Type: Metrics
Values Added: cvssV3_1
{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}
cvssV4_0
{'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-21T13:35:47.883Z

Reserved: 2026-04-20T14:01:13.151Z

Link: CVE-2026-41295

Vulnrichment

Updated: 2026-04-21T13:35:37.177Z

NVD

Status : Analyzed

Published: 2026-04-21T00:16:29.803

Modified: 2026-04-27T15:06:44.907

Link: CVE-2026-41295

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T15:45:07Z

Weaknesses
  • CWE-829: Inclusion of Functionality from Untrusted Control Sphere