CVE-2026-32920
CVE-2026-32920 : OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, enabling arbitrary code execution. Attackers can place crafted workspace plugins in cloned repositories that execute when a user runs OpenClaw from ...