PT-2026-29228 · Openclaw · Openclaw
Lintsinghua
Published 2026-03-13 · Updated 2026-03-31
CVE-2026-32920
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.12
Description
OpenClaw automatically discovers and loads plugins from the .OpenClaw/extensions/ directory without verifying that they are trusted, which can lead to arbitrary code execution. An attacker can exploit this by including malicious workspace plugins in a repository that a victim clones: when the user runs OpenClaw from that directory, the plugin code is executed. Because the application ingests extensions from the .OpenClaw/extensions/ path automatically, malicious code runs without any verification.
Recommendations
Update OpenClaw to version 2026.3.12 or later.
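Until a patched build is deployed, a pre-flight check can tell you whether a freshly cloned checkout carries workspace plugins that an unpatched OpenClaw would load on start. The audit below is an added example, not OpenClaw's own code or part of this advisory; the only fact it takes from the advisory is the `.OpenClaw/extensions/` path, and the `OPENCLAW_ROOT` environment variable and the function names are assumptions made for the example.

```python
"""Pre-flight audit: list workspace plugin entries that an unpatched
OpenClaw would auto-load from .OpenClaw/extensions/ (CVE-2026-32920).

Added example, not OpenClaw project code. The directory name comes from
the advisory; everything else here is an assumption of this example.
"""
import os
import sys
from pathlib import Path

# Path named in the advisory; compared component-wise so nested checkouts
# (submodules, vendored repositories) are caught as well as the top level.
EXTENSIONS_DIR = Path(".OpenClaw") / "extensions"


def find_workspace_extensions(root):
    """Return the sorted, root-relative paths of every file or directory
    that sits directly inside any .OpenClaw/extensions/ directory beneath
    root. Each entry corresponds to one plugin candidate OpenClaw would
    ingest without verification on an unpatched version."""
    root = Path(root)
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        current = Path(dirpath)
        if current.parts[-2:] == EXTENSIONS_DIR.parts:
            for name in dirnames + filenames:
                found.append(str((current / name).relative_to(root)))
            # A plugin's own subtree is not a separate extensions dir;
            # stop descending here.
            dirnames[:] = []
    return sorted(found)


def is_safe_to_run(root):
    """True when the checkout contains no workspace plugin candidates."""
    return not find_workspace_extensions(root)


def main(argv):
    # Assumed convention for the example: the checkout to audit is the first
    # argument, else OPENCLAW_ROOT, else the current directory.
    root = argv[1] if len(argv) > 1 else os.environ.get("OPENCLAW_ROOT", ".")
    entries = find_workspace_extensions(root)
    if not entries:
        print(f"{root}: no .OpenClaw/extensions/ entries found")
        return 0
    print(f"{root}: {len(entries)} workspace plugin candidate(s) would be auto-loaded:")
    for entry in entries:
        print(f"  {entry}")
    print("Review these before running OpenClaw from this directory, or remove them.")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the clone before invoking OpenClaw there; a non-zero exit status makes it usable as a gate in a wrapper script or a CI job. The check deliberately matches on the last two path components rather than only `root/.OpenClaw/extensions/`, so a plugin planted in a submodule or vendored subdirectory is reported too.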
Fix
RCE
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw