Cyber Posture

CVE-2026-43569

Severity: High · Public PoC

Published: 05 May 2026
Modified: 05 May 2026
KEV Added: not listed
Patch: not listed
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0007 (20.5th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Description

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.

Mitigating Controls (NIST 800-53 r5) (AI-generated)

prevent: Explicitly identifies and restricts system actions, such as auto-enabling untrusted workspace plugins, that may proceed without identification and authentication during onboarding.

prevent: Establishes policies and mechanisms to govern and prevent the installation or auto-enablement of untrusted workspace plugins without authorization.

prevent / detect: Deploys malicious code protection at entry points to scan for and block crafted malicious workspace plugins before they are enabled and executed.

Security Summary (AI-generated)

CVE-2026-43569, published on 2026-05-05, is an authentication bypass vulnerability (classified as CWE-829) affecting OpenClaw versions before 2026.4.9. The issue allows untrusted workspace plugins to be enabled automatically during non-interactive onboarding when provider authentication choices are shadowed, circumventing the requirement for explicit user consent.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating network accessibility, low attack complexity, no required privileges, and required user interaction. Attackers without prior access can craft malicious workspace plugins that are automatically selected and enabled during authentication setup, achieving high impact on confidentiality, integrity, and availability through unauthorized plugin execution.

OpenClaw 2026.4.9 resolves the vulnerability, with the patching commit available at https://github.com/openclaw/openclaw/commit/2d97eae53e212ae26f3aebcd6a50ffc6877f770d. Further mitigation details appear in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-939r-rj45-g2rj and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-untrusted-provider-plugin-auto-enablement-via-workspace-provider-auth.

Details

CWE(s)

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1176.002 IDE Extensions (Persistence): Adversaries may abuse an integrated development environment (IDE) extension to establish persistent access to victim systems.

T1195.001 Compromise Software Dependencies and Development Tools (Initial Access): Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise.
Why these techniques?

The vulnerability enables automatic loading and execution of attacker-crafted untrusted workspace plugins (bypassing consent checks) during onboarding, which directly corresponds to abuse of IDE/workspace extensions and to the inclusion of untrusted dependencies or plugins.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

References