Description
OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-time plugin loading.
Published: 2026-05-05
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw before version 2026.4.10 contains a plugin trust bypass that allows the channel setup catalog to resolve workspace plugin shadows before the bundled channel plugins. This flaw means that an attacker can craft a malicious workspace plugin that is loaded during setup with elevated trust, potentially enabling the execution of untrusted code within the channel setup process. The weakness is categorized as CWE-829.

Affected Systems

The affected product is OpenClaw, with any release earlier than 2026.4.10. It uses a Node.js environment. No other vendor or product details are listed beyond the OpenClaw product line.

Risk and Exploitability

The CVSS score of 7.7 reflects a high severity risk, but the EPSS score is not provided, so the current exploit probability is unknown. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely involve an attacker feeding a malicious workspace plugin into a channel that is being set up, causing the plugin loader to execute that plugin before loading the safe bundled plugins. The attack vector is inferred to require the ability to modify or place files in the workspace plugin directory, which could be achieved with local or remote access that allows such modifications.

Generated by OpenCVE AI on May 5, 2026 at 12:50 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.10 or newer to apply the plugin resolution fix.
  • Verify that workspace plugin shadows are no longer processed before bundled channel plugins by reviewing the release notes and configuration.
  • Restrict file system permissions on the workspace plugin directories to trusted users only, preventing unauthorized plugin installation.
  • Disable or remove the untrusted workspace plugin feature if it is not required for your deployment.

Advisories

Source: GitHub GHSA
ID: GHSA-82qx-6vj7-p8m2
Title: OpenClaw: Channel setup catalog lookups could include untrusted workspace plugin shadows
History

Tue, 05 May 2026 12:15:00 +0000

Values added:
  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Tue, 05 May 2026 11:45:00 +0000

Values added:
  Description: OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-time plugin loading.
  Title: OpenClaw < 2026.4.10 - Untrusted Workspace Plugin Shadow Resolution in Channel Setup
  First Time appeared: Openclaw; Openclaw openclaw
  Weaknesses: CWE-829
  CPEs: cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
  Vendors & Products: Openclaw; Openclaw openclaw
  References:
  Metrics (cvssV3_1): {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}
  Metrics (cvssV4_0): {'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-05T11:58:58.628Z

Reserved: 2026-05-01T16:58:23.117Z

Link: CVE-2026-43571

Vulnrichment

Updated: 2026-05-05T11:58:53.412Z

NVD

Status: Undergoing Analysis

Published: 2026-05-05T12:16:20.880

Modified: 2026-05-05T19:32:49.650

Link: CVE-2026-43571

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-05T13:15:15Z

Weaknesses