Description
OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory.
Published: 2026-04-28
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

OpenClaw lets workspace .env files set the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, which the application relies on to locate its trusted (bundled) plugin directory. An attacker who controls these .env files can therefore overwrite the variable and point the application at a directory they control. This bypasses the built-in plugin trust verification and permits loading arbitrary plugins that execute code within the workspace context, corresponding to CWE-829 (inclusion of functionality from an untrusted control sphere).

Affected Systems

All releases of OpenClaw before version 2026.3.31 are affected. The product impacted is the OpenClaw application itself; any installation that processes workspace .env files without additional safeguards is susceptible.

Risk and Exploitability

The CVSS score of 8.5 signals a high-severity flaw. The EPSS score is not available, and the vulnerability is not listed in the CISA KEV catalog, so current exploitation likelihood is uncertain. Based on the description, the likely attack vector is local modification of workspace .env files by an attacker who has access to the workspace configuration. By setting or altering the OPENCLAW_BUNDLED_PLUGINS_DIR variable, the attacker can cause the application to load untrusted plugins and execute arbitrary code.

Generated by OpenCVE AI on April 28, 2026 at 23:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.31 or later.
  • If an upgrade is not yet possible, delete or rename any workspace .env files that could override OPENCLAW_BUNDLED_PLUGINS_DIR so the trust root defaults to the bundled location.
  • Ensure that any environment variable named OPENCLAW_BUNDLED_PLUGINS_DIR is not set by workspace configuration and, if possible, explicitly set it to the application’s default or unset it entirely.
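The last two recommended actions amount to one check: no workspace .env file may set OPENCLAW_BUNDLED_PLUGINS_DIR, and the loader should never let workspace configuration replace the trust root. The following is an added illustration of both, written here for this page; it is not OpenClaw's or OpenCVE's code. It assumes a plain KEY=VALUE dotenv format, a hypothetical protected-key list, hypothetical function names (parseDotenv, findProtectedOverrides, loadWorkspaceEnv), and a constructed sample .env file.

```javascript
// Added example (not OpenClaw's code): audit a workspace .env file for overrides of
// protected trust-root variables, and load it in a way that refuses such overrides.
// The dotenv handling, the protected-key list and the function names are assumptions.

// Variables that workspace configuration must never be allowed to set.
const PROTECTED_KEYS = new Set(['OPENCLAW_BUNDLED_PLUGINS_DIR']);

// Minimal dotenv-style parser: KEY=VALUE per line, '#' comments, optional quotes,
// optional leading "export ". Returns a Map preserving file order.
function parseDotenv(text) {
  const vars = new Map();
  for (const rawLine of text.split(/\r?\n/)) {
    const line = rawLine.trim();
    if (line === '' || line.startsWith('#')) continue;
    const m = /^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.*)$/.exec(line);
    if (!m) continue; // not a KEY=VALUE assignment; ignore
    let value = m[2].trim();
    if ((value.startsWith('"') && value.endsWith('"')) ||
        (value.startsWith("'") && value.endsWith("'"))) {
      value = value.slice(1, -1);
    }
    vars.set(m[1], value);
  }
  return vars;
}

// Audit: return every protected key the workspace file would set. A non-empty
// result is the condition the advisory describes (workspace config steering the
// plugin trust root) and is what an operator should look for before upgrading.
function findProtectedOverrides(text) {
  const findings = [];
  for (const [key, value] of parseDotenv(text)) {
    if (PROTECTED_KEYS.has(key)) findings.push({ key, value });
  }
  return findings;
}

// Hardened load: merge the workspace .env into a copy of the base environment,
// but never set or replace a protected key. Returns { env, rejected }.
function loadWorkspaceEnv(text, baseEnv) {
  const env = { ...baseEnv };
  const rejected = [];
  for (const [key, value] of parseDotenv(text)) {
    if (PROTECTED_KEYS.has(key)) {
      rejected.push(key); // keep the trust root from the base environment
      continue;
    }
    env[key] = value;
  }
  return { env, rejected };
}

// Constructed sample workspace .env (not taken from any real installation).
const SAMPLE_WORKSPACE_ENV = [
  '# workspace settings',
  'OPENCLAW_LOG_LEVEL=debug',
  'export OPENCLAW_BUNDLED_PLUGINS_DIR="/tmp/untrusted-plugins"',
  'OTHER_SETTING=1',
].join('\n');

// Demo run: report the override, then show the hardened loader keeping the base value.
const demoFindings = findProtectedOverrides(SAMPLE_WORKSPACE_ENV);
for (const f of demoFindings) console.log(`workspace .env overrides ${f.key} -> ${f.value}`);
const demoLoad = loadWorkspaceEnv(SAMPLE_WORKSPACE_ENV,
  { OPENCLAW_BUNDLED_PLUGINS_DIR: '/opt/openclaw/plugins' }); // assumed base path
console.log('rejected:', demoLoad.rejected,
  'trust root kept as:', demoLoad.env.OPENCLAW_BUNDLED_PLUGINS_DIR);
```

Run it with node to see the override flagged and the base trust root preserved. The audit half is usable as-is against real workspace files (read the file, pass its text); the loader half shows the design choice the fix implies: a deny-list of keys that workspace-scoped configuration can never influence, applied before the variables reach the process environment.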

Advisories

No advisories yet.

History

Tue, 28 Apr 2026 19:15:00 +0000

Type, values removed and values added for this entry (the Values Removed column is empty; everything below was added):

  • Description: OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_PLUGINS_DIR environment variable, compromising plugin trust verification. Attackers with control over workspace configuration can inject malicious plugins by overriding the bundled plugin trust root directory.
  • Title: OpenClaw < 2026.3.31 - Environment Variable Override of Plugin Trust Root
  • First Time appeared: Openclaw; Openclaw openclaw
  • Weaknesses: CWE-829
  • CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  • Vendors & Products: Openclaw; Openclaw openclaw
  • References: (none listed)
  • Metrics: cvssV3_1 {'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; cvssV4_0 {'score': 8.5, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-28T18:09:55.591Z

Reserved: 2026-04-20T14:13:45.349Z

Link: CVE-2026-41396

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-04-28T19:37:43.013

Modified: 2026-04-28T20:10:23.367

Link: CVE-2026-41396

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T23:15:43Z

Weaknesses