CVE Vulnerability Details: CVE-2026-41377
Status: PUBLISHED
Assigner: VulnCheck
Assigner Org ID: 83251b91-4cc7-4094-a5c7-464a1b83ea10
Published At: 28 Apr, 2026 | 18:09
Updated At: 29 Apr, 2026 | 19:54
Rejected At: (none)
CVE Numbering Authority (CNA)
OpenClaw < 2026.3.31 - Fail-Open Security Scan Bypass in Plugin Installation

OpenClaw before 2026.3.31 contains a fail-open vulnerability in the plugin installation flow where security scan failures do not block installation. Attackers can exploit scan failures to install untrusted plugins when operators proceed despite visible scan warnings.

Affected Products
Vendor: OpenClaw
Product: OpenClaw
Default Status: unaffected
Versions
  Affected:
    • From 0 before 2026.3.31 (semver)
  Unaffected:
    • 2026.3.31 (semver)
Problem Types
Type: CWE
CWE ID: CWE-636
Description: CWE-636: Not Failing Securely (Failing Open)
Metrics
Version  Base score  Base severity  Vector
4.0      5.1         MEDIUM         CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
3.1      4.6         MEDIUM         CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
Credits
reporter: davidluzsilva

No other metric info, impacts (CAPEC), solutions, configurations, workarounds, exploits, timeline events, replacement or rejection reason are recorded in this entry.
References
Hyperlink (Resource type)
https://github.com/openclaw/openclaw/security/advisories/GHSA-cwq8-6f96-g3q4 (vendor-advisory)
https://github.com/openclaw/openclaw/commit/7a953a52271b9188a5fa830739a4366614ff9916 (patch)
https://github.com/openclaw/openclaw/commit/44b993613601280d46a5b88190e46669fc13d669 (patch)
https://github.com/openclaw/openclaw/commit/0d7f1e2c84eca65df7dee890d9c30e2a841c030a (patch)
https://github.com/openclaw/openclaw/commit/bf96c67fd1954740aeabfadc7cfe3098bcfc6b68 (patch)
https://www.vulncheck.com/advisories/openclaw-fail-open-security-scan-bypass-in-plugin-installation (third-party-advisory)
Authorized Data Publishers (ADP)
CISA ADP Vulnrichment: Details not found (no affected products, metrics, impacts, solutions, configurations, workarounds, exploits, credits, timeline or references recorded).