5 matches found
CVE-2026-42428
OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment...
CVE-2026-42432
OpenClaw vulnerable component: the node-pairing flow in the OpenClaw npm package allows a previously paired node to reconnect and run exec-capable commands without operator.admin re-pair authentication, enabling local privilege escalation. Affected versions include
CVE-2026-42428 OpenClaw < 2026.4.8 - Missing Integrity Verification in Package Downloads
OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment...
CVE-2026-42428
OpenClaw is affected. OpenClaw versions before 2026.4.8 do not enforce integrity verification for downloaded plugin archives, enabling attackers to install malicious or tampered plugins in the local assistant environment. The CVE description and related advisories (GHSA-3VVQ-Q2QC-7RMP) specify af...
EUVD-2026-26130
OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment...