Description
OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.
Published: 2026-05-05
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw prior to version 2026.4.9 allows an authentication bypass: untrusted workspace plugins can be enabled automatically during non‑interactive onboarding when provider authentication choices are shadowed. An attacker can craft a malicious plugin that is selected and activated without the user’s explicit consent, giving the plugin execution rights it was never granted. Bypassing user approval in this way breaches integrity and can lead to covert code execution within the trusted environment.

Affected Systems

The vulnerability affects the OpenClaw open‑source project, specifically all releases older than 2026.4.9. Users running those versions are exposed to the risk of malicious workspace plugins being enabled automatically during onboarding.

Risk and Exploitability

The CVSS score of 7.7 rates this flaw as high severity. No EPSS score is available, and the vulnerability is not listed in CISA’s KEV catalog, implying that widespread, documented exploitation has not yet been observed. The likely attack vector is remote: an attacker who can deliver a malicious plugin to a user’s workspace will trigger auto‑enablement during the provider authentication process, potentially compromising the workspace without user awareness. The impact is significant because it permits execution of an untrusted module, which is the behaviour described by CWE‑829 (Inclusion of Functionality from Untrusted Control Sphere).

Generated by OpenCVE AI on May 5, 2026 at 12:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to OpenClaw 2026.4.9 or later.
  • Configure the system to reject or flag automatic activation of untrusted plugins in non‑interactive onboarding, ensuring explicit user approval is required.
  • Audit the current set of enabled plugins, identify any that may have been auto‑enabled by this flaw, and remove or replace them.

Advisories

Source | ID | Title
Github GHSA | GHSA-939r-rj45-g2rj | OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins

History

Tue, 05 May 2026 11:45:00 +0000

Type | Values Removed | Values Added
Description | (none) | OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.
Title | (none) | OpenClaw < 2026.4.9 - Untrusted Provider Plugin Auto-enablement via Workspace Provider Auth
First Time appeared | (none) | Openclaw; Openclaw openclaw
Weaknesses | (none) | CWE-829
CPEs | (none) | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | (none) | Openclaw; Openclaw openclaw
References | (none) | (none)
Metrics | (none) | cvssV3_1: {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}; cvssV4_0: {'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-05T11:25:10.308Z

Reserved: 2026-05-01T16:58:23.117Z

Link: CVE-2026-43569

Vulnrichment

No data.

NVD

Status: Undergoing Analysis

Published: 2026-05-05T12:16:20.493

Modified: 2026-05-05T19:32:49.650

Link: CVE-2026-43569

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T13:15:15Z

Weaknesses