Integrity Verification Flaw in OpenClaw Plugin Packages
CVE-2026-42428

7.5HIGH

Key Information:

Vendor: Openclaw
Status: Openclaw
Vendor: CVE Published:; 28 April 2026

What is CVE-2026-42428?

OpenClaw versions prior to 2026.4.8 are vulnerable due to a lack of integrity verification in downloaded plugin archives. This oversight allows attackers to install malicious or altered plugin packages without detection, posing a risk to the security of the local assistant environment. Users are advised to update to the latest version to mitigate this serious threat.

Affected Version(s)

OpenClaw 0 < 2026.4.8

OpenClaw 2026.4.8

References

https://github.com/openclaw/openclaw/security/advisories/...

vendor-advisory

https://github.com/openclaw/openclaw/commit/d7c3210cd6f5f...

patch

https://www.vulncheck.com/advisories/openclaw-missing-int...

third-party-advisory

CVSS V4

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Attack Required:

None

Privileges Required:

Undefined

User Interaction:

Unknown

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2026
Vulnerability Reserved
Apr 27, 2026

Credit

KEXNA (@kexinoh)

CVE-2026-42428 Data

JSON

Openclaw

What is CVE-2026-42428?

Affected Version(s)

References

CVSS V4

Timeline

Credit