5 matches found

NVD
added 2026/04/28 7:37 p.m. | 5 views

CVE-2026-42428

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment...

CVSS 7.5 | EPSS 0.00139
Exploits: 0 | References: 3

CVE
added 2026/04/28 6:10 p.m. | 14 views

CVE-2026-42432

OpenClaw vulnerable component: the node-pairing flow in the OpenClaw npm package allows a previously paired node to reconnect and run exec-capable commands without operator.admin re-pair authentication, enabling local privilege escalation. Affected versions include

CVSS 7.8 | AI score 5.9 | EPSS 0.00131
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2026/04/28 6:10 p.m. | 27 views

CVE-2026-42428 OpenClaw < 2026.4.8 - Missing Integrity Verification in Package Downloads

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment...

CVSS 7.5 | EPSS 0.00139
Exploits: 0 | References: 3

CVE
added 2026/04/28 6:10 p.m. | 8 views

CVE-2026-42428

OpenClaw is affected. OpenClaw versions before 2026.4.8 do not enforce integrity verification for downloaded plugin archives, enabling attackers to install malicious or tampered plugins in the local assistant environment. The CVE description and related advisories (GHSA-3VVQ-Q2QC-7RMP) specify af...

CVSS 7.5 | AI score 5.2 | EPSS 0.00139
Exploits: 0 | References: 3 | Affected Software: 1

EUVD
added 2026/04/28 6:10 p.m. | 5 views

EUVD-2026-26130

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment...

CVSS 7.5 | AI score 5.2 | EPSS 0.00139
Exploits: 0 | References: 3