CVE-2026-32920
Published: 31 March 2026
Summary
CVE-2026-32920 is a high-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in OpenClaw. Its CVSS base score is 8.4 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It is ranked at the 4.1st percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-10 (Software Usage Restrictions) and CM-11 (User-installed Software).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Requires software components such as plugins to be digitally or cryptographically signed prior to execution, directly preventing loading of untrusted, unsigned malicious plugins from the .OpenClaw/extensions/ directory.
- Enforces a deny-all, permit-by-exception policy limiting execution to authorized software only, blocking malicious plugins from running even if discovered and loaded.
- Prohibits or restricts user installation of unverified software, preventing attackers from placing crafted malicious plugins in cloned repository directories for automatic loading.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables arbitrary code execution via auto-loading of untrusted workspace plugins (CWE-829) when the victim runs the application; this maps directly to client application exploitation (T1203), triggered by user action on a malicious file/plugin (T1204.002).
NVD Description
OpenClaw before 2026.3.12 automatically discovers and loads plugins from .OpenClaw/extensions/ without explicit trust verification, allowing arbitrary code execution. Attackers can execute malicious code by including crafted workspace plugins in cloned repositories that execute when users run OpenClaw from the directory.
Deeper analysis
CVE-2026-32920 is a high-severity vulnerability in OpenClaw versions prior to 2026.3.12, where the software automatically discovers and loads plugins from the .OpenClaw/extensions/ directory without performing explicit trust verification. This inclusion of functionality from an untrusted control sphere, mapped to CWE-829, enables arbitrary code execution. The issue carries a CVSS v3.1 base score of 8.4 (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and was published on 2026-03-31.
Attackers can exploit this vulnerability by embedding crafted malicious workspace plugins within cloned repositories. A victim who clones such a repository and subsequently runs OpenClaw from that directory will trigger automatic loading and execution of the malicious plugins. Exploitation requires only local access to the system with low attack complexity, no privileges, and no user interaction, potentially granting the attacker full control over the process with high impacts on confidentiality, integrity, and availability.
Mitigation guidance is available in the official advisories, including the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-99qw-6mr3-36qr and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-auto-discovery-of-workspace-plugins. Upgrading to OpenClaw 2026.3.12 or later resolves the vulnerability by addressing the untrusted plugin loading mechanism.
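The following is an added illustration, not OpenClaw's own code, of the loading discipline the mitigating controls above call for: plugins discovered under a workspace's .OpenClaw/extensions/ directory are inventoried, but only those whose SHA-256 digest appears in an explicit, user-maintained trust list are handed to the loader; everything else is reported and skipped. The trust-list format, the file names and the plugin contents are constructed assumptions for this example.

```python
"""Added example (not OpenClaw's code): gate workspace plugins found under
.OpenClaw/extensions/ behind an explicit user trust list of SHA-256 digests.
Trust-list format and the load step are assumptions for illustration."""
import hashlib
import os
import tempfile

PLUGIN_DIR = os.path.join(".OpenClaw", "extensions")  # directory named in the advisory

def sha256_of(path: str) -> str:
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def discover_plugins(workspace: str) -> list[str]:
    """Inventory plugin files in the workspace's extensions directory (no loading)."""
    ext_dir = os.path.join(workspace, PLUGIN_DIR)
    if not os.path.isdir(ext_dir):
        return []
    return sorted(os.path.join(ext_dir, n) for n in os.listdir(ext_dir)
                  if os.path.isfile(os.path.join(ext_dir, n)))

def gate_plugins(workspace: str, trusted_digests: set[str]) -> dict[str, list[str]]:
    """Deny-all, permit-by-exception: only allow-listed digests go to 'load'."""
    result: dict[str, list[str]] = {"load": [], "skip": []}
    for path in discover_plugins(workspace):
        bucket = "load" if sha256_of(path) in trusted_digests else "skip"
        result[bucket].append(os.path.basename(path))
    return result

def demo() -> dict[str, list[str]]:
    """Constructed workspace: one plugin the user reviewed, one that came with a clone."""
    ws = tempfile.mkdtemp()
    ext = os.path.join(ws, PLUGIN_DIR)
    os.makedirs(ext)
    reviewed = os.path.join(ext, "formatter.js")
    with open(reviewed, "w") as fh:
        fh.write("module.exports = () => 'reviewed plugin';\n")
    with open(os.path.join(ext, "helper.js"), "w") as fh:
        fh.write("// arrived with the repository; never reviewed or trusted\n")
    # Trust is granted out-of-band by the user, never by the repository contents.
    trusted = {sha256_of(reviewed)}
    return gate_plugins(ws, trusted)

if __name__ == "__main__":
    print(demo())  # {'load': ['formatter.js'], 'skip': ['helper.js']}
```

Because the trust decision keys on content digests rather than file names, a plugin that arrives with a clone cannot be promoted to "load" by renaming it, and any later modification of a trusted plugin drops it back to "skip" until the user re-approves it.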
Details
- CWE(s)