CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-42428

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment.

Exploit prediction scoring system (EPSS) score

CVSS Severity

CVSS v3 Score 7.1

References

https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5
https://github.com/openclaw/openclaw/security/advisories/GHSA-3vvq-q2qc-7rmp
https://www.vulncheck.com/advisories/openclaw-missing-integrity-verification-in-package-downloads

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-42428

Products

Pricing

Contact Us