PT-2026-29228 · Openclaw · Openclaw

Lintsinghua · Published 2026-03-13 · Updated 2026-03-31 · CVE-2026-32920

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerable software and affected versions: OpenClaw versions prior to 2026.3.12

Description: OpenClaw automatically discovers and loads plugins from the .OpenClaw/extensions/ directory of the workspace it is run in, without verifying that those plugins are trusted. An attacker can exploit this by placing a malicious workspace plugin in a repository: when a user clones that repository and runs OpenClaw from the cloned directory, the plugin is ingested automatically and its code executes without any verification, resulting in arbitrary code execution.

Recommendations: Update OpenClaw to version 2026.3.12 or later.
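The following Python is an added example, not part of this advisory and not OpenClaw's own code. It contrasts the pattern the advisory describes (every file under the workspace's .OpenClaw/extensions/ directory is treated as a plugin) with a trust gate that loads a workspace plugin only when its path and SHA-256 match a manifest the user pinned outside the repository. Only the .OpenClaw/extensions/ path comes from the advisory; the manifest format, the sample plugin contents, and the function names are assumptions made for the illustration.

```python
# Added example (not OpenClaw's own code): a trust gate for workspace plugins.
# The ".OpenClaw/extensions/" path is the one named in the advisory; the
# manifest format, sample plugins and function names are constructed here.
from __future__ import annotations

import hashlib
import json
import os
import tempfile
from pathlib import Path

# Workspace plugin directory named in the advisory.
EXTENSIONS_DIR = Path(".OpenClaw") / "extensions"

# Constructed plugin sources for the demo repository.
FORMATTER_SRC = "module.exports = { name: 'formatter' };\n"
UNKNOWN_SRC = "module.exports = { name: 'unknown' };\n"

# Hypothetical trust manifest: relative plugin path -> SHA-256 of a copy the
# user reviewed. It lives in the user's profile, never inside the cloned
# repository, so a repository cannot vouch for its own plugins.
TRUST_MANIFEST: dict[str, str] = {
    "formatter/index.js": hashlib.sha256(FORMATTER_SRC.encode()).hexdigest(),
}


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large plugins do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def discover_extensions(repo_root: Path) -> list[Path]:
    """The pattern the advisory describes: every regular file under the
    workspace extensions directory is a candidate plugin, with no question
    asked about its origin. os.walk does not follow directory symlinks and
    file symlinks are skipped, so a workspace cannot point the loader at
    content outside itself."""
    ext_dir = repo_root / EXTENSIONS_DIR
    if not ext_dir.is_dir():
        return []
    found: list[Path] = []
    for dirpath, _dirs, files in os.walk(ext_dir):
        for name in files:
            p = Path(dirpath) / name
            if not p.is_symlink():
                found.append(p)
    return sorted(found)


def gate_extensions(repo_root: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """The hardened pattern: a discovered plugin is loaded only when its
    relative path and content hash match an entry the user pinned beforehand.
    Anything else, including a modified copy of a pinned plugin, is blocked."""
    ext_dir = repo_root / EXTENSIONS_DIR
    decision: dict[str, list[str]] = {"load": [], "block": []}
    for path in discover_extensions(repo_root):
        rel = path.relative_to(ext_dir).as_posix()
        if manifest.get(rel) == sha256_file(path):
            decision["load"].append(rel)
        else:
            decision["block"].append(rel)
    return decision


def build_sample_repo() -> Path:
    """Construct a throwaway clone with one pinned plugin and one unknown one."""
    root = Path(tempfile.mkdtemp(prefix="openclaw-audit-"))
    for name, src in (("formatter", FORMATTER_SRC), ("unknown", UNKNOWN_SRC)):
        plugin_dir = root / EXTENSIONS_DIR / name
        plugin_dir.mkdir(parents=True)
        (plugin_dir / "index.js").write_text(src)
    return root


if __name__ == "__main__":
    repo = build_sample_repo()
    # Expected: formatter/index.js is loaded, unknown/index.js is blocked.
    print(json.dumps(gate_extensions(repo, TRUST_MANIFEST), indent=2))
```

The manifest is keyed by path and content hash rather than by path alone, so a repository that ships a plugin under a familiar name but with different contents is still blocked; the same check also catches a pinned plugin that was modified after the user reviewed it.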

Fix

RCE


Weakness Enumeration

Related identifiers

CVE-2026-32920
GHSA-99QW-6MR3-36QR
GHSA-J5QH-5234-4RQP

Affected products

Openclaw