PT-2026-32208 · Npm · Openclaw
Publicado
2026-04-02
·
Atualizado
2026-04-02
CVSS v3.1
4.6
Média
| Vetor | AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
Summary
Security Scan Failure Does Not Block Plugin Installation (Fail-Open)
Current Maintainer Triage
- Status: open
- Normalized severity: low
- Assessment: Real in shipped v2026.3.28 plugin install flow, but low severity fits because it still requires an operator to choose installation of an untrusted package and the scan failure was visible rather than silent.
Affected Packages / Versions
- Package:
openclaw(npm) - Latest published npm version:
2026.3.31 - Vulnerable version range:
<=2026.3.28 - Patched versions:
>= 2026.3.31 - First stable tag containing the fix:
v2026.3.31
Fix Commit(s)
7a953a52271b9188a5fa830739a4366614ff9916— 2026-03-30T15:36:08+01:0044b993613601280d46a5b88190e46669fc13d669— 2026-03-31T23:16:11+09:000d7f1e2c84eca65df7dee890d9c30e2a841c030a— 2026-03-31T23:27:20+09:00bf96c67fd1954740aeabfadc7cfe3098bcfc6b68— 2026-03-31T15:53:29+01:00
OpenClaw thanks @davidluzsilva for reporting.
Correção
Improper Check for Exceptional Conditions
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Openclaw