Vulnerability Description
OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.3.31 |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/0d7f1e2c84eca65df7dee890d9c30e2a841cPatch
- https://github.com/openclaw/openclaw/commit/44b993613601280d46a5b88190e46669fc13Patch
- https://github.com/openclaw/openclaw/commit/7a953a52271b9188a5fa830739a4366614ffPatch
- https://github.com/openclaw/openclaw/commit/bf96c67fd1954740aeabfadc7cfe3098bcfcPatch
- https://github.com/openclaw/openclaw/security/advisories/GHSA-cwq8-6f96-g3q4Vendor Advisory
- https://www.vulncheck.com/advisories/openclaw-fail-open-security-scan-bypass-in-Third Party Advisory
FAQ
What is CVE-2026-41377?
CVE-2026-41377 is a vulnerability with a CVSS score of 4.6 (MEDIUM). OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untr...
How severe is CVE-2026-41377?
CVE-2026-41377 has been rated MEDIUM with a CVSS base score of 4.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-41377?
Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.