CVE-2026-41377

NIST NVD

OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.

CVSS severity: MEDIUM
CVSS base score: 4.6
Published: 2026-04-28

CWE codes

CWE-636

Affected products

openclaw:openclaw
