GHSA-99QW-6MR3-36QR: Remote Code Execution via Malicious Workspace Plugins in OpenClaw
CVSS Score: 9.6
Published: 2026-03-13
Full Report: https://cvereports.com/reports/GHSA-99QW-6MR3-36QR
OpenClaw, an open-source AI agent platform, contains a critical vulnerability in its plugin auto-discovery mechanism. The platform implicitly trusts and executes code located within the .openclaw/extensions/ directory of any opened workspace. This behavior allows an attacker to achieve arbitrary code execution by convincing a user to clone and open a maliciously crafted repository.
A critical RCE vulnerability in OpenClaw allows attackers to execute arbitrary code on a user's machine by hiding a malicious plugin inside a repository's .openclaw/extensions/ directory, which the platform automatically loads and executes without user consent.
- CWE ID: CWE-427, CWE-829, CWE-1188
- Attack Vector: Network (Supply Chain)
- CVSS Score: 9.6 (Critical)
- Impact: Arbitrary Code Execution
- Exploit Status: Proof of Concept Available
- Fixed Version: v2026.3.12
Affected Systems:
- OpenClaw Platform
- Developer Workstations
Affected Versions:
- OpenClaw: < v2026.3.12 (Fixed in: v2026.3.12)
Mitigations:
- Upgrade to OpenClaw v2026.3.12 or later
- Implement Workspace Trust policies similar to modern IDEs
- Audit existing cloned repositories for hidden .openclaw/extensions/ directories
- Educate developers on the risks of opening untrusted workspaces
Remediation Steps:
- Identify all workstations running OpenClaw.
- Update the OpenClaw application to version v2026.3.12.
- Run a filesystem search for .openclaw/extensions/ across all developer directories to identify potential compromise.
- If a malicious directory is found, rotate all local credentials (AWS, SSH, Git) immediately.
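An audit helper for the filesystem search in the remediation steps above, added here as an example; it is not code from the advisory or from the OpenClaw project. It walks a developer directory tree, reports every workspace that carries a `.openclaw/extensions/` directory, and flags whether that workspace is a git checkout (a hint that the directory arrived with a clone). The sample tree it scans is constructed, and the `cloned-repo`/`helper-plugin` names are hypothetical.

```python
import os
import tempfile
from pathlib import Path

# Workspace-local plugin directory named in the advisory
EXT_SUBDIR = Path(".openclaw") / "extensions"


def find_workspace_extensions(root):
    """Walk `root`; report each workspace carrying `.openclaw/extensions/`,
    whether it is a git checkout (hint: the folder arrived with a clone),
    and the plugin entries found inside."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        if ".openclaw" not in dirnames:
            continue
        workspace = Path(dirpath)
        ext_dir = workspace / EXT_SUBDIR
        if ext_dir.is_dir():
            findings.append({
                "workspace": str(workspace),
                "git_checkout": (workspace / ".git").exists(),
                "plugins": sorted(p.name for p in ext_dir.iterdir()),
            })
        dirnames.remove(".openclaw")  # one finding per workspace; don't descend


    return findings

def build_sample_tree(base):
    """Constructed sample layout (hypothetical, not from the advisory): a
    cloned repo shipping a hidden plugin next to a clean clone."""
    suspicious = Path(base) / "src" / "cloned-repo"
    (suspicious / ".git").mkdir(parents=True)
    plugin = suspicious / EXT_SUBDIR / "helper-plugin"
    plugin.mkdir(parents=True)
    (plugin / "index.js").write_text("// constructed placeholder, no payload\n")
    clean = Path(base) / "src" / "clean-repo"
    (clean / ".git").mkdir(parents=True)
    (clean / "README.md").write_text("clean\n")

def demo():
    """Build the constructed tree in a temp dir, scan it, return findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return find_workspace_extensions(tmp)

if __name__ == "__main__":
    for f in demo():
        kind = "cloned" if f["git_checkout"] else "local"
        print(f"[{kind}] {f['workspace']}: {', '.join(f['plugins'])}")
```

Point `find_workspace_extensions` at a real checkout root (for example a developer's `src` directory) to list candidates for manual review; a git checkout that carries the directory deserves a look at whether it is committed upstream.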
References:
- GitHub Advisory: GHSA-99QW-6MR3-36QR
- OpenClaw Issue 11031
- Fix PR 44174
- OpenClaw v2026.3.12 Release Notes
Generated by CVEReports - Automated Vulnerability Intelligence