EUVD-2026-21436

🗓️ 10 Apr 2026 16:03:10Reported by EUVDType

OpenClaw vulnerability allows code execution via crafted .npmrc overriding git during npm install.

Reporter	Title	Published	Views	Family All 13
ATTACKERKB	CVE-2026-35641	10 Apr 202616:03	–	attackerkb
Circl	CVE-2026-35641	30 Mar 202618:52	–	circl
CNNVD	OpenClaw 安全漏洞	10 Apr 202600:00	–	cnnvd
CVE	CVE-2026-35641	10 Apr 202616:03	–	cve
Cvelist	CVE-2026-35641 OpenClaw < 2026.3.24 - Arbitrary Code Execution via .npmrc in Local Plugin/Hook Installation	10 Apr 202616:03	–	cvelist
Github Security Blog	OpenClaw has an Arbitrary Malicious Code Execution Vulnerability	30 Mar 202618:52	–	github
NVD	CVE-2026-35641	10 Apr 202617:17	–	nvd
OSV	GHSA-M3MH-3MPG-37HW OpenClaw has an Arbitrary Malicious Code Execution Vulnerability	30 Mar 202618:52	–	osv
OSV	MINI-6VCP-HX65-V883	14 Apr 202615:00	–	osv
Positive Technologies	PT-2026-31957	30 Mar 202600:00	–	ptsecurity

[
  {
    "enisaIdVendor": [
      {
        "id": "5e6dbbc1-1642-34a2-89d9-680a63cc7af9",
        "vendor": {
          "name": "OpenClaw"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "02c5e3b5-27ee-3eaf-b8a9-f6c3a1d50a61",
        "product": {
          "name": "OpenClaw"
        },
        "product_version": "0 <2026.3.24"
      },
      {
        "id": "5e6dbbc1-1642-34a2-89d9-680a63cc7af9",
        "product": {
          "name": "OpenClaw"
        },
        "product_version": ""
      }
    ]
  }
]

Source	Link
github	www.github.com/openclaw/openclaw/security/advisories/GHSA-m3mh-3mpg-37hw
vulncheck	www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-npmrc-in-local-plugin-hook-installation

10 Apr 2026 16:03Current

6.4Medium risk

Vulners AI Score6.4

CVSS 48.4

CVSS 3.17.8

EPSS0.0001