Which versions of OpenClaw are affected by CVE-2026-43569?

OpenClaw versions before 2026.4.9 contain an authentication bypass vulnerability that allows malicious workspace plugins to intercept and redirect provider credentials during onboarding, potentially…. A patch is available.

How to fix or mitigate CVE-2026-43569?

Within 24 hours: Identify all OpenClaw deployments and document current versions in use. Within 7 days: Upgrade all OpenClaw instances to version 2026.4.9 or later; validate patch deployment across non-production and production environments. Within 30 days: Audit workspace plugin sources and permissions; implement plugin allowlist policies to restrict untrusted provider integrations; review authentication logs for suspicious credential interception patterns.

OpenClaw CVE-2026-43569

Q: What is the CVSS score of CVE-2026-43569?

CVE-2026-43569 has a CVSS 4.0 base score of 7.7 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-27289 HIGH

Inclusion of Functionality from Untrusted Control Sphere (CWE-829)

2026-05-05 VulnCheck

GHSA-939r-rj45-g2rj

Authentication Bypass

7.7

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Scope

Lifecycle Timeline

Analysis Updated

May 05, 2026 - 12:44 vuln.today

v2 (cvss_changed)

Re-analysis Queued

May 05, 2026 - 12:37 vuln.today

cvss_changed

CVSS changed

May 05, 2026 - 12:37 NVD

8.8 (HIGH) 7.7 (HIGH)

Source Code Evidence Fetched

May 05, 2026 - 12:20 vuln.today

Analysis Generated

May 05, 2026 - 12:20 vuln.today

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.4.9.

DescriptionNVD

OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during non-interactive onboarding when provider auth choices are shadowed. Attackers can exploit this by crafting malicious workspace plugins that are automatically selected and enabled during authentication setup without explicit user consent.

AnalysisAI

Authentication bypass in OpenClaw before 2026.4.9 enables untrusted workspace plugins to intercept provider authentication credentials during non-interactive onboarding. Malicious plugins can shadow legitimate provider authentication choices, causing the system to auto-enable attacker-controlled code and route sensitive API keys or credentials through untrusted handlers without user consent. …

RemediationAI

Within 24 hours: Identify all OpenClaw deployments and document current versions in use. Within 7 days: Upgrade all OpenClaw instances to version 2026.4.9 or later; validate patch deployment across non-production and production environments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-43569 vulnerability details – vuln.today

Back

OpenClaw CVE-2026-43569

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

OpenClaw CVE-2026-43569

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code