4 matches found
CVE-2026-35641
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can...
CVE-2026-35641
OpenClaw before 2026.3.24 is affected by an arbitrary code execution vulnerability in local plugin and hook installation. An attacker can craft a .npmrc file with a git executable override, and during npm install in the staged package directory, trigger execution of arbitrary programs from attack...
EUVD-2026-21436
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can...
PT-2026-31957
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.24 Description OpenClaw versions before 2026.3.24 contain an arbitrary code execution vulnerability during local plugin and hook installation. Attackers can exploit this by crafting a malicious .npmrc file wit...