CVE-2026-35641 Overview
OpenClaw before version 2026.3.24 contains an arbitrary code execution vulnerability in its local plugin and hook installation functionality. Attackers can execute malicious code by crafting a .npmrc file with a git executable override, allowing arbitrary programs to be triggered during npm install execution when processing git dependencies.
Critical Impact
Arbitrary code execution through malicious .npmrc configuration files enables attackers to compromise systems during the plugin/hook installation process, potentially leading to full system compromise.
Affected Products
- OpenClaw versions prior to 2026.3.24
- OpenClaw for Node.js (all platforms)
Discovery Timeline
- 2026-04-10 - CVE-2026-35641 published to NVD
- 2026-04-14 - Last updated in NVD database
Technical Details for CVE-2026-35641
Vulnerability Analysis
This vulnerability (CWE-349: Acceptance of Extraneous Untrusted Data With Trusted Data) resides in OpenClaw's handling of local plugin and hook installations. The core issue stems from the application's failure to properly validate or sanitize configuration files present in staged package directories during the installation process.
When OpenClaw processes local plugins or hooks, it executes npm install within the staged package directory. If an attacker can place a malicious .npmrc file in this directory, they can override the git executable path to point to an arbitrary malicious program. Subsequently, when npm encounters git dependencies during installation, it will execute the attacker-specified program instead of the legitimate git binary.
The attack leverages npm's configuration hierarchy, where project-level .npmrc files take precedence over global and user-level configurations. This design, while intended for legitimate customization purposes, becomes a security liability when combined with OpenClaw's installation workflow that processes potentially untrusted package contents.
Root Cause
The vulnerability originates from insufficient validation of untrusted data within the staged package directory. OpenClaw does not sanitize or restrict the contents of the installation directory, allowing attacker-controlled configuration files (specifically .npmrc) to influence the behavior of subsequent npm operations. The git executable path configuration in .npmrc provides a direct code execution primitive when git-based dependencies are resolved.
Attack Vector
This is a local attack vector requiring user interaction. An attacker must convince a victim to install a malicious local plugin or hook package containing a crafted .npmrc file. The attack chain proceeds as follows:
- Attacker creates a malicious package containing a .npmrc file with a modified git executable path
- Victim downloads or receives the malicious package
- Victim initiates OpenClaw plugin or hook installation
- OpenClaw stages the package and runs npm install
- npm reads the malicious .npmrc and uses the attacker-specified git path
- When git dependencies are processed, the malicious executable runs with the victim's privileges
The attack requires the malicious package to include at least one git-based dependency to trigger the execution of the overridden git executable.
Detection Methods for CVE-2026-35641
Indicators of Compromise
- Presence of unexpected .npmrc files in plugin or hook package directories containing modified git configuration
- Unusual process spawning patterns during npm install operations, particularly non-standard executables being invoked as git
- Anomalous network connections or file system modifications immediately following OpenClaw plugin installations
Detection Strategies
- Monitor for .npmrc files in OpenClaw plugin staging directories that contain git executable overrides
- Implement file integrity monitoring on npm configuration paths during installation workflows
- Deploy endpoint detection rules to alert on suspicious process trees where npm spawns unexpected child processes
Monitoring Recommendations
- Enable verbose logging for OpenClaw installation operations to capture configuration file processing
- Implement application allowlisting to restrict which executables can be invoked during npm install operations
- Review and audit any locally installed OpenClaw plugins or hooks for suspicious configuration files
How to Mitigate CVE-2026-35641
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.24 or later immediately
- Audit existing locally installed plugins and hooks for malicious .npmrc files
- Avoid installing OpenClaw plugins or hooks from untrusted sources until patched
- Review system logs for any suspicious activity during recent plugin installations
Patch Information
The vendor has addressed this vulnerability in OpenClaw version 2026.3.24. The security patch prevents arbitrary configuration file processing during plugin and hook installations. For detailed patch information and security advisory, refer to the GitHub Security Advisory.
Additional technical analysis is available in the VulnCheck Advisory.
Workarounds
- Manually inspect all plugin and hook packages for .npmrc files before installation
- Use npm's --ignore-scripts flag during installation where possible to reduce attack surface
- Implement filesystem restrictions to prevent .npmrc file creation in staging directories
- Consider containerizing OpenClaw plugin installations to limit potential impact of exploitation
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
