
CVE-2026-43569

Severity: High · Public PoC

Published: 05 May 2026
Modified: 07 May 2026
KEV Added: not listed
Patch: available
CVSS Score (v4): 7.7 (CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X)
EPSS Score: 0.0038 (30.0th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-43569 is a high-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in Openclaw Openclaw. Its CVSS base score is 7.7 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique IDE Extensions (T1176.002). The CVE is ranked at the 30.0th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-14 (Permitted Actions Without Identification or Authentication) and CM-11 (User-installed Software).

Deeper analysis

CVE-2026-43569, published on 2026-05-05, is an authentication bypass vulnerability (CWE-829) affecting OpenClaw versions before 2026.4.9. The issue enables untrusted workspace plugins to be automatically enabled during non-interactive onboarding when provider authentication choices are shadowed, circumventing explicit user consent requirements.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating network accessibility, low attack complexity, no required privileges, and required user interaction. Attackers without prior access can craft malicious workspace plugins that are automatically selected and enabled during authentication setup, achieving high impact on confidentiality, integrity, and availability through unauthorized plugin execution.

OpenClaw 2026.4.9 resolves the vulnerability, with the patching commit available at https://github.com/openclaw/openclaw/commit/2d97eae53e212ae26f3aebcd6a50ffc6877f770d. Further mitigation details appear in the GitHub security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-939r-rj45-g2rj and the VulnCheck advisory at https://www.vulncheck.com/advisories/openclaw-untrusted-provider-plugin-auto-enablement-via-workspace-provider-auth.
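The following is an added, hypothetical illustration of the CWE-829 pattern the advisory describes; it is not OpenClaw's code and makes no claim about how OpenClaw's onboarding is actually implemented. It models a provider-auth choice being satisfied by the first plugin whose name matches, so that an untrusted workspace plugin shadowing a trusted built-in provider is enabled with no consent when onboarding runs non-interactively, and places a hardened resolver beside it that keys consent on plugin origin, prefers the trusted match, and fails closed. All names (`ProviderPlugin`, `OnboardingContext`, `acme-auth`, and so on) are constructed for the example.

```python
"""Hypothetical model of untrusted-plugin auto-enablement (CWE-829).

Not OpenClaw's code: a constructed resolver that shows the flawed pattern
(first name match wins, origin ignored) next to a hardened one.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import Callable, Iterable, List, Optional, Set, Tuple


class Origin(Enum):
    BUILTIN = "builtin"      # shipped with the tool; trusted control sphere
    WORKSPACE = "workspace"  # discovered in the project checkout; untrusted


@dataclass(frozen=True)
class ProviderPlugin:
    name: str
    origin: Origin

    @property
    def key(self) -> str:
        # Consent is keyed on origin + name, so approval of the built-in
        # provider can never be reused for a same-named workspace plugin.
        return f"{self.origin.value}:{self.name}"


@dataclass
class OnboardingContext:
    interactive: bool
    consented: Set[str] = field(default_factory=set)
    # Interactive prompt hook; deny-by-default so a missing UI never approves.
    ask: Callable[[ProviderPlugin], bool] = lambda plugin: False


def resolve_vulnerable(candidates: Iterable[ProviderPlugin],
                       auth_choice: str) -> Optional[ProviderPlugin]:
    """Flawed resolver: the first name match is enabled, origin is never
    consulted, and non-interactive mode means nobody is asked."""
    for plugin in candidates:
        if plugin.name == auth_choice:
            return plugin
    return None


def resolve_hardened(candidates: Iterable[ProviderPlugin], auth_choice: str,
                     ctx: OnboardingContext
                     ) -> Tuple[ProviderPlugin, List[ProviderPlugin]]:
    """Hardened resolver: an untrusted match is enabled only with explicit
    consent (recorded or granted interactively); otherwise the trusted match
    is used, and if only untrusted matches exist the flow fails closed."""
    matches = [p for p in candidates if p.name == auth_choice]
    skipped: List[ProviderPlugin] = []
    for plugin in matches:
        if plugin.origin is Origin.BUILTIN:
            continue
        if plugin.key in ctx.consented:
            return plugin, skipped
        if ctx.interactive and ctx.ask(plugin):
            ctx.consented.add(plugin.key)  # persist the explicit decision
            return plugin, skipped
        skipped.append(plugin)  # never silently auto-enable an untrusted plugin
    trusted = [p for p in matches if p.origin is Origin.BUILTIN]
    if trusted:
        return trusted[0], skipped
    raise PermissionError(
        f"no trusted provider for {auth_choice!r}; refusing to auto-enable "
        f"{[p.key for p in skipped]}")


# Constructed sample: a workspace plugin shadows the built-in "acme-auth"
# provider by appearing first in discovery order.
SAMPLE_CANDIDATES = [
    ProviderPlugin("acme-auth", Origin.WORKSPACE),
    ProviderPlugin("acme-auth", Origin.BUILTIN),
]


def demo() -> Tuple[str, str]:
    """Returns (what the flawed resolver enables, what the hardened one does)."""
    flawed = resolve_vulnerable(SAMPLE_CANDIDATES, "acme-auth")
    safe, skipped = resolve_hardened(
        SAMPLE_CANDIDATES, "acme-auth", OnboardingContext(interactive=False))
    return flawed.key, f"{safe.key} (skipped {[p.key for p in skipped]})"


if __name__ == "__main__":
    print(demo())
```

The skipped list is what a defender would log during non-interactive onboarding: an untrusted plugin that matched a chosen provider but was not enabled is exactly the event worth alerting on, since it indicates a workspace is attempting to shadow a trusted provider.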

Vulnerability details

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.

CWE(s)

CWE-829 Inclusion of Functionality from Untrusted Control Sphere

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

T1176.002 IDE Extensions (Persistence)
Adversaries may abuse an integrated development environment (IDE) extension to establish persistent access to victim systems.

T1195.001 Compromise Software Dependencies and Development Tools (Initial Access)
Adversaries may manipulate software dependencies and development tools prior to receipt by a final consumer for the purpose of data or system compromise.
Why these techniques?

The vulnerability enables automatic loading and execution of attacker-crafted untrusted workspace plugins (bypassing consent checks) during onboarding, which directly facilitates malicious IDE/workspace extension abuse and untrusted dependency/plugin inclusion.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-41396 (same product: Openclaw Openclaw)
CVE-2026-43571 (same product: Openclaw Openclaw)
CVE-2026-32920 (same product: Openclaw Openclaw)
CVE-2026-41295 (same product: Openclaw Openclaw)
CVE-2026-41355 (same product: Openclaw Openclaw)
CVE-2026-22217 (same product: Openclaw Openclaw)
CVE-2026-41336 (same product: Openclaw Openclaw)
CVE-2026-44995 (same product: Openclaw Openclaw)
CVE-2026-41387 (same product: Openclaw Openclaw)
CVE-2026-27646 (same product: Openclaw Openclaw)

Affected Assets

Vendor: openclaw
Product: openclaw
Versions: ≤ 2026.4.9

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

AC-14 Permitted Actions Without Identification or Authentication (prevent)
Explicitly identifies and restricts system actions, such as auto-enabling untrusted workspace plugins, that may occur without identification and authentication during onboarding.

CM-11 User-installed Software (prevent)
Establishes policies and mechanisms to govern and prevent the installation or auto-enablement of untrusted workspace plugins without authorization.

Malicious code protection (prevent, detect)
Deploys malicious code protection at entry points to scan and block crafted malicious workspace plugins before they are enabled and executed.
