CVE-2026-42428
HIGHDescription
OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment.
Is your site exposed to CVE-2026-42428?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
EPSS — Exploit Prediction
EPSS estimates the probability that this vulnerability will be exploited in the wild within the next 30 days. A higher score means more likely to be exploited.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| openclaw | openclaw |
References
Frequently Asked Questions
What is CVE-2026-42428? +
How severe is CVE-2026-42428? +
What products are affected by CVE-2026-42428? +
How do I check if I'm vulnerable to CVE-2026-42428? +
Related Vulnerabilities
electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to 3.9.5, deterministic AES-192-CBC with a fixed zero IV, constant KDF salt, and …
Diebold Nixdorf Vynamic Security Suite through 4.3.0 SR01 does not validate file attributes or the contents of /root during integrity …
The issue was addressed with improved checks. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and …
Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially …
pnpm is a package manager. Prior to 10.33.4 and 11.0.7, a malicious codeload.github.com server can serve whatever tarball it wants …
A missing file integrity check vulnerability exists on MacOS F5 VPN browser client installer that may allow a local, authenticated …