Primary

Context

OpenClaw Missing Integrity Verification Vulnerability in Plugin Downloads

Vulnerability

A vulnerability exists in OpenClaw versions prior to 2026.4.8, where the application fails to properly verify the integrity of downloaded plugin archives. This oversight allows attackers to introduce malicious or altered plugin packages without detection, potentially compromising the local assistant environment.

Impact

Exploitation of this vulnerability could lead to the installation of malicious or tampered plugins, undermining the integrity of the local assistant environment.

Reproduction

The vulnerability can be reproduced by downloading and installing a plugin package from ClawHub using OpenClaw versions prior to 2026.4.8. The absence of integrity verification will allow the installation of malicious or altered plugins without any warning or detection.

Remediation

Users can upgrade to OpenClaw version 2026.4.8 or later, where this vulnerability has been addressed.

Added: Apr 28, 2026, 8:19 PM

Updated: Apr 28, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.3

remediation

0.0

relevance

6.9

threat

4.8

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.3

remediation

0.0

relevance

6.9

threat

4.8

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

OpenClaw Missing Integrity Verification Vulnerability in Plugin Downloads

Vulnerability

Impact

Reproduction

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating