CVE-2026-43571
Published: 05 May 2026
Summary
CVE-2026-43571 is a high-severity Inclusion of Functionality from Untrusted Control Sphere (CWE-829) vulnerability in Openclaw Openclaw. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 12.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 CM-11 (User-installed Software) and CM-14 (Signed Components).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
CM-11 directly mitigates the vulnerability by establishing and enforcing policies restricting user-installed software, preventing malicious workspace plugins from being loaded and bypassing trust gates.
CM-14 requires verification of digital signatures for software modules like plugins prior to installation or loading, blocking unsigned or tampered workspace plugin shadows.
SI-7 employs integrity verification mechanisms for software components during execution and loading, detecting and preventing unauthorized shadowing by malicious workspace plugins.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Vulnerability is a remotely exploitable (AV:N) trust bypass in plugin loading for an application, directly enabling T1190 (Exploit Public-Facing Application) and T1553 (Subvert Trust Controls) via malicious plugin inclusion (CWE-829).
NVD Description
OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace plugin shadows before bundled channel plugins. Attackers can exploit this by crafting malicious workspace plugins that bypass intended trust gates during setup-time…
more
plugin loading.
Deeper analysisAI
CVE-2026-43571 is a plugin trust bypass vulnerability affecting OpenClaw versions before 2026.4.10. The issue arises during channel setup catalog lookups, which resolve workspace plugin shadows before bundled channel plugins, enabling malicious workspace plugins to bypass intended trust gates at setup-time plugin loading. Classified under CWE-829 (Inclusion of Functionality from Untrusted Control Sphere), it carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
Attackers with low privileges (PR:L) can exploit this vulnerability over the network without user interaction. By crafting malicious workspace plugins, they bypass trust controls during plugin loading, potentially leading to high-impact compromise including unauthorized access to sensitive data (C:H), modification of system behavior (I:H), and disruption of services (A:H).
Mitigation details are available in official advisories and the patch commit. The GitHub security advisory (GHSA-82qx-6vj7-p8m2) and the fix in commit 1fede43b948df40ca8674511d4bd08d39f6c5837 address the issue, with upgrading to OpenClaw 2026.4.10 recommended. Additional analysis is provided in the VulnCheck advisory on untrusted workspace plugin shadow resolution in channel setup.
Details
- CWE(s)