PT-2026-37024 · Openclaw · Openclaw

Peng Zhou · Published 2026-04-17 · Updated 2026-05-05 · CVE-2026-43569

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.4.9

Description: An authentication bypass allows untrusted workspace plugins to be enabled automatically during non-interactive onboarding when provider authentication choices are shadowed. The onboarding flow could select a provider authentication choice that an untrusted workspace plugin shadows, and in doing so enable that plugin during authentication setup without explicit user consent.

Recommendations: Update to version 2026.4.9 or newer.

Fix

Weakness Enumeration

Related Identifiers

CVE-2026-43569
GHSA-939R-RJ45-G2RJ

Affected Products

Openclaw