CVE-2026-35641
Published: 10 April 2026
Summary
CVE-2026-35641 is a high-severity Acceptance of Extraneous Untrusted Data With Trusted Data (CWE-349) vulnerability in OpenClaw. Its CVSS base score is 7.8 (High).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploitation for Client Execution (T1203). The CVE is ranked at the 0.5th percentile by exploit likelihood (well below the median), is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): requires timely remediation of the specific flaw in OpenClaw's plugin and hook installation process by upgrading to version 2026.3.24 or later, which removes the .npmrc git override path.
- CM-11 (User-installed Software): enforces organizational policies that restrict or block user installation of plugins and hooks, so that npm install is never run in a staged directory containing an attacker-crafted .npmrc.
- SI-3 (Malicious Code Protection): deploys malicious code protection at system entry points to detect and block the attacker-specified program launched through the overridden git executable during a vulnerable npm install.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables arbitrary code execution on the local system by exploiting a flaw in OpenClaw's plugin/hook installation process, where a crafted .npmrc overrides the git executable during npm install (with user interaction required), directly facilitating exploitation for client execution.
NVD Description
OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can leverage git dependencies to trigger execution of arbitrary programs specified in the attacker-controlled .npmrc configuration file.
Deeper analysis
CVE-2026-35641 is an arbitrary code execution vulnerability affecting OpenClaw versions prior to 2026.3.24. The flaw exists in the local plugin and hook installation process: a plugin or hook package can carry a .npmrc file that overrides the git executable npm uses. When npm install runs in the staged package directory and the package declares git dependencies, npm invokes the attacker-specified program in place of git, giving the attacker code execution. The vulnerability is rated 7.8 (High) under CVSS 3.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and maps to CWE-349 (Acceptance of Extraneous Untrusted Data With Trusted Data).
A local attacker exploits this by getting a malicious .npmrc (together with a git dependency) into the plugin or hook package that is staged for installation. No privileges are required (PR:N), but the attack needs local access (AV:L) and user interaction (UI:R), such as a user installing the plugin or hook and thereby triggering npm install in the staged directory. Successful exploitation yields full arbitrary code execution with high impact on confidentiality, integrity, and availability, running the attacker's program under the installing user's account.
Advisories from the OpenClaw GitHub security page (GHSA-m3mh-3mpg-37hw) and VulnCheck detail the issue and recommend upgrading to OpenClaw 2026.3.24 or later, where the vulnerability is addressed. Practitioners should review these references for full patch details, verify the installed version, and audit plugins and hooks already installed from untrusted sources.
Details
- CWE(s)