Cyber Posture

CVE-2026-43569

High · Public PoC

Published: 05 May 2026
Modified: 07 May 2026
KEV Added: not listed
Patch: OpenClaw 2026.4.9
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0008 (22.5th percentile)
Risk Priority: 18 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2026-43569 is a high-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique IDE Extensions (T1176.002). Its EPSS score ranks it at the 22.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-11 (User-installed Software).

Threat & Defense at a Glance

What attackers do: exploitation maps to IDE Extensions (T1176.002) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.

Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

AC-14 (Permitted Actions Without Identification or Authentication) · prevent
Explicitly identifies and restricts system actions, such as auto-enabling untrusted workspace plugins, that may be taken without identification and authentication during onboarding.

CM-11 (User-installed Software) · prevent
Establishes policies and mechanisms to govern and prevent the installation or auto-enablement of untrusted workspace plugins without authorization.

Malicious code protection · prevent, detect
Deploys malicious code protection at entry points to scan and block crafted malicious workspace plugins before they are enabled and executed.

MITRE ATT&CK Enterprise Techniques

T1176.002 IDE Extensions (Persistence)
Adversaries may abuse an integrated development environment (IDE) extension to establish persistent access to victim systems.

T1195.001 Compromise Software Dependencies and Development Tools (Initial Access)
Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise.

Why these techniques?

The vulnerability enables automatic loading and execution of attacker-crafted untrusted workspace plugins (bypassing consent checks) during onboarding, which directly corresponds to malicious IDE/workspace extension abuse and the inclusion of untrusted dependencies or plugins.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.

Deeper analysis

CVE-2026-43569, published on 2026-05-05, is an authentication bypass vulnerability (CWE-829) affecting OpenClaw versions before 2026.4.9. The issue enables untrusted workspace plugins to be automatically enabled during non-interactive onboarding when provider authentication choices are shadowed, circumventing explicit user consent requirements.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating network accessibility, low attack complexity, no required privileges, and required user interaction. Attackers without prior access can craft malicious workspace plugins that are automatically selected and enabled during authentication setup, achieving high impact on confidentiality, integrity, and availability through unauthorized plugin execution.

OpenClaw 2026.4.9 resolves the vulnerability, with the patching commit available at https://github.com/openclaw/openclaw/commit/2d97eae53e212ae26f3aebcd6a50ffc6877f770d. Further mitigation details appear in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-939r-rj45-g2rj and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-untrusted-provider-plugin-auto-enablement-via-workspace-provider-auth.

Details

CWE(s): CWE-829 (Inclusion of Functionality from Untrusted Control Sphere)

Affected Products
Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.4.9

CVEs Like This One

CVE-2026-41355 (same product: Openclaw Openclaw)
CVE-2026-41295 (same product: Openclaw Openclaw)
CVE-2026-22217 (same product: Openclaw Openclaw)
CVE-2026-41396 (same product: Openclaw Openclaw)
CVE-2026-41336 (same product: Openclaw Openclaw)
CVE-2026-43571 (same product: Openclaw Openclaw)
CVE-2026-32920 (same product: Openclaw Openclaw)
CVE-2026-41387 (same product: Openclaw Openclaw)
CVE-2026-41342 (same product: Openclaw Openclaw)
CVE-2026-28473 (same product: Openclaw Openclaw)
