Cyber Posture

CVE-2026-43571

HighPublic PoC

Published: 05 May 2026

Published
05 May 2026
Modified
05 May 2026
KEV Added
Patch
CVSS Score 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0004 11.9th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Description

OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-time…

more

plugin loading.

Mitigating Controls (NIST 800-53 r5)AI

CM-11 User-installed Software good match
prevent

CM-11 directly mitigates the vulnerability by establishing and enforcing policies restricting user-installed software, preventing malicious workspace plugins from being loaded and bypassing trust gates.

CM-14 Signed Components good match
prevent

CM-14 requires verification of digital signatures for software modules like plugins prior to installation or loading, blocking unsigned or tampered workspace plugin shadows.

SI-7 Software, Firmware, and Information Integrity good match
preventdetect

SI-7 employs integrity verification mechanisms for software components during execution and loading, detecting and preventing unauthorized shadowing by malicious workspace plugins.

Security SummaryAI

CVE-2026-43571 is a plugin trust bypass vulnerability affecting OpenClaw versions before 2026.4.10. The issue arises during channel setup catalog lookups, which resolve workspace plugin shadows before bundled channel plugins, enabling malicious workspace plugins to bypass intended trust gates at setup-time plugin loading. Classified under CWE-829 (Inclusion of Functionality from Untrusted Control Sphere), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.

Attackers with low privileges (PR:L) can exploit this vulnerability over the network without user interaction. By crafting malicious workspace plugins, they bypass trust controls during plugin loading, potentially leading to high-impact compromise including unauthorized access to sensitive data (C:H), modification of system behavior (I:H), and disruption of services (A:H).

Mitigation details are available in official advisories and the patch commit. The GitHub security advisory (GHSA-82qx-6vj7-p8m2) and the fix in commit 1fede43b948df40ca8674511d4bd08d39f6c5837 address the issue, with upgrading to OpenClaw 2026.4.10 recommended. Additional analysis is provided in the VulnCheck advisory on untrusted workspace plugin shadow resolution in channel setup.

Details

CWE(s)
CWE-829

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
T1553 Subvert Trust Controls Defense Impairment
Adversaries may undermine security controls that will either warn users of untrusted activity or prevent execution of untrusted programs.
attack.mitre.org →
Why these techniques?

Vulnerability is a remotely exploitable (AV:N) trust bypass in plugin loading for an application, directly enabling T1190 (Exploit Public-Facing Application) and T1553 (Subvert Trust Controls) via malicious plugin inclusion (CWE-829).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

References