
CVE Reports

Posted on • Originally published at cvereports.com

GHSA-99QW-6MR3-36QR: Remote Code Execution via Malicious Workspace Plugins in OpenClaw

Vulnerability ID: GHSA-99QW-6MR3-36QR
CVSS Score: 9.6
Published: 2026-03-13

OpenClaw, an open-source AI agent platform, contains a critical vulnerability in its plugin auto-discovery mechanism. The platform implicitly trusts and executes any code found in the .openclaw/extensions/ directory of an opened workspace, with no prompt and no allowlist. Because that directory travels with the repository, an attacker achieves arbitrary code execution on the victim's machine, with the victim's privileges, simply by convincing a user to clone and open a crafted repository.

TL;DR

A critical RCE vulnerability in OpenClaw allows attackers to execute arbitrary code on a user's machine by hiding a malicious plugin inside a repository's .openclaw/extensions/ directory, which the platform automatically loads and executes without user consent.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-427 (Uncontrolled Search Path Element), CWE-829 (Inclusion of Functionality from Untrusted Control Sphere), CWE-1188 (Initialization of a Resource with an Insecure Default)
  • Attack Vector: Network (Supply Chain)
  • CVSS Score: 9.6 (Critical)
  • Impact: Arbitrary Code Execution
  • Exploit Status: Proof of Concept Available
  • Fixed Version: v2026.3.12

Affected Systems

  • OpenClaw Platform
  • Developer Workstations
  • OpenClaw: < v2026.3.12 (Fixed in: v2026.3.12)

Mitigation Strategies

  • Upgrade to OpenClaw v2026.3.12 or later
  • Implement Workspace Trust policies similar to modern IDEs
  • Audit existing cloned repositories for hidden .openclaw/extensions/ directories (it is a dot-directory, so it is invisible to a plain ls and easy to overlook in a repository listing)
  • Educate developers on the risks of opening untrusted workspaces

Remediation Steps:

  1. Identify all workstations running OpenClaw.
  2. Update the OpenClaw application to version v2026.3.12.
  3. Run a filesystem search for .openclaw/extensions/ across all developer directories. The directory is legitimate in workspaces the developer set up themselves, so its presence alone is not proof of compromise: the suspicious case is a directory that arrived with a clone (tracked in the repository's git history) and that the developer did not create.
  4. If a malicious directory is found, treat the workstation as compromised and rotate all credentials it could reach (AWS, SSH, Git) immediately, including tokens held in environment variables and config files, since the plugin ran with the user's privileges.
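The audit in the mitigation list and in step 3 above can be scripted. The following is an added example, not OpenClaw's own tooling and not derived from the advisory. It assumes a POSIX shell with find, optionally git, and sha256sum or shasum on PATH, and that developer checkouts live under the directory passed as the first argument. For each .openclaw/extensions/ directory it reports whether the directory is committed in the surrounding git repository (i.e. it arrived with the clone, the advisory's attack path), was created locally, or sits outside any repository, and it hashes the files for triage. Nothing here modifies the filesystem.

```shell
#!/bin/sh
# Audit developer directories for OpenClaw workspace plugin directories
# (GHSA-99QW-6MR3-36QR). Added example; not part of OpenClaw.
# Assumptions: POSIX sh, find, sha256sum or shasum; git is optional.

# sha256sum on Linux, shasum -a 256 on macOS.
sha256_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$@"
    else
        shasum -a 256 "$@"
    fi
}

# Every .openclaw/extensions directory below the given root, one path per line.
find_openclaw_extension_dirs() {
    find "$1" -type d -path '*/.openclaw/extensions' 2>/dev/null | sort
}

# How did the directory get there?
#   tracked   - committed in the containing git repo: it came with the clone
#   untracked - inside a git repo but not committed: created locally
#   nogit     - not inside any git repository (or git not installed)
classify_extension_dir() {
    dir=$1
    repo_root=$(git -C "$dir" rev-parse --show-toplevel 2>/dev/null) || {
        echo nogit
        return 0
    }
    if [ -n "$(git -C "$repo_root" ls-files -- "$dir" 2>/dev/null)" ]; then
        echo tracked
    else
        echo untracked
    fi
}

# Number of regular files in an extensions directory (an empty one loads nothing).
count_extension_files() {
    find "$1" -type f 2>/dev/null | wc -l | tr -d ' '
}

# One tab-separated header line per directory, followed by the indented,
# hashed file list so the output can be shared as indicators with other teams.
audit_openclaw_extensions() {
    find_openclaw_extension_dirs "$1" | while IFS= read -r dir; do
        printf '%s\torigin=%s\tfiles=%s\n' \
            "$dir" "$(classify_extension_dir "$dir")" "$(count_extension_files "$dir")"
        find "$dir" -type f 2>/dev/null | while IFS= read -r f; do
            sha256_cmd "$f" | sed 's/^/    /'
        done
    done
}

# Usage: sh audit-openclaw.sh /home/dev/projects
if [ "$#" -eq 1 ]; then
    audit_openclaw_extensions "$1"
fi
```

Run it against the parent directory of all checkouts (or against $HOME for a full sweep). A line reporting origin=tracked in a repository the developer did not author is the one to escalate; origin=untracked or origin=nogit usually means a plugin the developer installed themselves, but the hashes still deserve a look.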

Read the full report for GHSA-99QW-6MR3-36QR on our website for more details including interactive diagrams and full exploit analysis.
