NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-41377

Summary	OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.
Publication Date	April 29, 2026, 4:37 a.m.
Registration Date	April 30, 2026, 4:09 a.m.
Last Update	April 29, 2026, 5:10 a.m.

CVSS3.1 : MEDIUM
スコア	4.6
Vector	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	低
攻撃に必要な特権レベル(PR)	低
利用者の関与(UI)	要
影響の想定範囲(S)	変更なし
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	なし

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/openclaw/openclaw/commit/0d7f1e2c84eca65df7dee890d9c30e2a841c030a	disclosure@vulncheck.com
2	https://github.com/openclaw/openclaw/commit/44b993613601280d46a5b88190e46669fc13d669	disclosure@vulncheck.com
3	https://github.com/openclaw/openclaw/commit/7a953a52271b9188a5fa830739a4366614ff9916	disclosure@vulncheck.com
4	https://github.com/openclaw/openclaw/commit/bf96c67fd1954740aeabfadc7cfe3098bcfc6b68	disclosure@vulncheck.com
5	https://github.com/openclaw/openclaw/security/advisories/GHSA-cwq8-6f96-g3q4	disclosure@vulncheck.com
6	https://www.vulncheck.com/advisories/openclaw-fail-open-security-scan-bypass-in-plugin-installation	disclosure@vulncheck.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-636	安全でない失敗処理	https://cwe.mitre.org/data/definitions/636.html