Impact
OpenClaw versions earlier than 2026.4.23 allow an attacker to execute arbitrary JavaScript by placing a crafted extensions/<plugin>/setup-api.js file in a repository and waiting for a user to run OpenClaw commands from that directory. During provider setup metadata resolution, the bundled plugin resolver loads setup-api.js from the current working directory without validating where the file came from, so the attacker's module runs inside the OpenClaw process with full access to the user's runtime environment (filesystem, environment variables, network, credentials readable by that account). The consequence is that any user who runs OpenClaw in a directory containing a malicious setup file unknowingly executes attacker code under their own user account, potentially compromising the confidentiality, integrity, or availability of the local system.
Affected Systems
The CVE affects the OpenClaw product from the OpenClaw vendor. All installations of OpenClaw running a version older than 2026.4.23 are vulnerable. The flaw lives in the bundled plugin resolver that runs on the Node.js runtime OpenClaw ships, so it is present on every platform where that bundled runtime is used; the trigger is running OpenClaw from a working directory that contains a setup-api.js the user did not author.
Risk and Exploitability
The CVSS v3.1 score is 8.4, indicating high severity. EPSS is not available, so a specific exploitation probability cannot be quantified, and the vulnerability is not listed in the CISA KEV catalog. The likely attack path requires an attacker to supply a malicious repository (for example a project a user clones to try out) and persuade the user to run OpenClaw commands from that directory; no network access to the victim is needed. Once triggered, the attacker runs arbitrary JavaScript with the privileges of the executing user, including any tokens or configuration that user's OpenClaw setup can read. If the user runs the command as a privileged account, the impact escalates to system-wide compromise. Until upgraded to 2026.4.23 or later, running OpenClaw inside an untrusted checkout should be treated as equivalent to executing code from that checkout.
OpenCVE Enrichment