Ghostwire

CVE-2026-42428: OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can...

HIGH CVSS 7.5

Published: April 28, 2026 | Last Modified: April 28, 2026

Description

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment.

Ghostwire Analysis — What This Means Practically

High CVSS score indicates significant risk — exploitation could lead to substantial data exposure or system compromise.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (2 articles)

References

www.tenable.com/cve/CVE-2026-42428
www.cnnvd.org.cn/home/globalSearch?keyword=CVE-2026-42428