CVE-2026-45004
Arbitrary Code Execution in OpenClaw via Malicious Plugin Setup
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: VulnCheck
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | before 2026.4.23 (2026.4.23 itself excluded) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-427 | The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors. |
AI Powered Q&A
Can you explain this vulnerability to me?
OpenClaw versions before 2026.4.23 contain a vulnerability that allows arbitrary code execution. This happens because the plugin setup resolver loads a JavaScript file named setup-api.js from the current working directory (process.cwd()) during provider setup metadata resolution.
An attacker can exploit this by placing a malicious setup-api.js file inside the extensions/<plugin>/ directory of a repository and convincing a user to run OpenClaw commands from that directory. When the user does this, OpenClaw loads and executes the malicious JavaScript code under the current user's account.
This vulnerability requires local access and user interaction to be exploited. It has been fixed in OpenClaw version 2026.4.23 by removing process.cwd() from the trusted search paths for setup-api.js.
How can this vulnerability impact me?
If exploited, this vulnerability allows an attacker to execute arbitrary JavaScript code with the same privileges as the user running OpenClaw. This can lead to unauthorized actions such as data theft, modification, or destruction, installation of malware, or further compromise of the system.
Because the code runs under the current user account, the attacker gains the same level of access as that user, which can be significant depending on the user's permissions.
However, exploitation requires that a malicious file already be present in a directory from which the user runs OpenClaw commands, and that the user actually run those commands from that directory; in practice that means social engineering or prior local access is necessary.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection comes down to two checks: whether the installed OpenClaw is older than 2026.4.23, and whether any repository or working directory from which OpenClaw commands are run contains an unexpected extensions/<plugin>/setup-api.js file.
You can inspect your current working directories and repositories for unexpected or suspicious setup-api.js files in their extensions folders.
- Confirm that the installed OpenClaw version is 2026.4.23 or later; earlier versions still include process.cwd() in the trusted search paths.
- Run `find . -path '*/extensions/*/setup-api.js'` from each working directory or repository root to locate setup-api.js files in extensions directories.
- Review the contents of any file found to verify whether it is legitimate or potentially malicious; a setup-api.js committed to a repository you did not author deserves particular scrutiny.
- Monitor user activity to detect whether OpenClaw commands are being run from directories containing such files.
What immediate steps should I take to mitigate this vulnerability?
The immediate and most effective mitigation step is to update OpenClaw to version 2026.4.23 or later, where this vulnerability has been patched.
Avoid running OpenClaw commands from untrusted or unknown directories, especially those that may contain extensions/<plugin>/setup-api.js files.
Audit and remove any suspicious setup-api.js files from your repositories or working directories.
Educate users to be cautious about the directories from which they execute OpenClaw commands to prevent exploitation.