OpenClaw Plugin Trust Bypass Vulnerability in Channel Setup
Vulnerability
A plugin trust bypass vulnerability has been identified in OpenClaw versions prior to 2026.4.10. In affected versions, the catalog lookup performed during channel setup resolves an untrusted workspace plugin that shadows a bundled channel plugin ahead of the trusted bundled plugin itself. An attacker who can place a workspace plugin in the workspace can therefore have it selected during plugin loading without satisfying the trust checks that apply to bundled plugins.
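To make the lookup-order problem concrete, the following is an added example written for this advisory; it is not OpenClaw code, and the catalog layout, plugin ids, paths and function names are assumptions. It models a channel-plugin catalog built from a trusted bundled set and an untrusted workspace set, shows the weak resolver that consults the workspace first (so a workspace shadow wins), the corrected resolver that gives bundled entries precedence and admits a workspace plugin only when it has been explicitly trusted, and an audit helper that lists workspace shadows of bundled ids for startup checks or alerting.

```python
"""Model of a channel-plugin catalog lookup with a shadowing weakness.

Illustrative example, not OpenClaw code: the plugin ids, catalog layout
and function names here are assumptions made for the demonstration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class PluginEntry:
    plugin_id: str        # id the channel setup lookup searches by
    source: str           # "bundled" (ships with the product) or "workspace"
    path: str             # location the plugin would be loaded from


# Constructed sample catalogs: a trusted bundled channel plugin and a
# workspace plugin that reuses the same id (a "shadow").
BUNDLED = [
    PluginEntry("slack", "bundled", "/app/plugins/slack"),
    PluginEntry("matrix", "bundled", "/app/plugins/matrix"),
]
WORKSPACE = [
    PluginEntry("slack", "workspace", "/workspace/.plugins/slack"),
    PluginEntry("custom-chat", "workspace", "/workspace/.plugins/custom-chat"),
]
# Workspace plugin ids the operator has explicitly approved (assumed policy).
TRUSTED_WORKSPACE_IDS = {"custom-chat"}


def resolve_vulnerable(plugin_id, bundled, workspace):
    """Weak lookup: workspace entries are consulted before bundled ones,
    so a workspace plugin carrying a bundled plugin's id wins the lookup
    and no trust decision is made at all."""
    for entry in workspace + bundled:
        if entry.plugin_id == plugin_id:
            return entry
    return None


def resolve_fixed(plugin_id, bundled, workspace, trusted_workspace_ids):
    """Hardened lookup: bundled entries take precedence; a workspace entry
    is returned only when no bundled plugin has that id and the workspace
    plugin has been explicitly trusted by the operator."""
    for entry in bundled:
        if entry.plugin_id == plugin_id:
            return entry
    for entry in workspace:
        if entry.plugin_id == plugin_id and plugin_id in trusted_workspace_ids:
            return entry
    return None


def find_shadows(bundled, workspace):
    """Audit helper: paths of workspace plugins whose id collides with a
    bundled plugin. Suitable as a startup check or a log/alert source."""
    bundled_ids = {e.plugin_id for e in bundled}
    return sorted(e.path for e in workspace if e.plugin_id in bundled_ids)


if __name__ == "__main__":
    print("vulnerable:", resolve_vulnerable("slack", BUNDLED, WORKSPACE))
    print("fixed:     ", resolve_fixed("slack", BUNDLED, WORKSPACE, TRUSTED_WORKSPACE_IDS))
    print("shadows:   ", find_shadows(BUNDLED, WORKSPACE))
```

With the sample catalogs, the weak resolver returns the workspace copy of `slack` while the fixed resolver returns the bundled one; `custom-chat` is still reachable because it was explicitly trusted, and `find_shadows` reports the colliding workspace path so the condition can be surfaced before any plugin is loaded.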
Impact
Exploitation of this vulnerability could lead to the unauthorized loading of untrusted workspace plugins, bypassing the intended trust verification and potentially allowing malicious actions to be performed during the plugin setup.
Reproduction
The vulnerability is reproduced by creating a workspace plugin that shadows a trusted bundled channel plugin; during channel setup the workspace plugin is resolved ahead of the corresponding bundled plugin. Once installed, the malicious plugin can perform actions that are normally restricted to trusted plugins, effectively bypassing the trust system.
Remediation
Users are advised to upgrade to OpenClaw version 2026.4.10 or later. The latest version, 2026.4.14, includes the necessary fix.
