CVE-2026-42428 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packa…
High CVSS: 7.5

CVE-2026-42428

OpenClaw versions before 2026.4.8 fail to enforce integrity verification on downloaded plugin archives. Attackers can install malicious or tampered plugin packages without detection, compromising the local assistant environment.
Vendor
-
Product
-
CWE
CWE-353
Yayın Tarihi
2026-04-28 19:37:46
Güncelleme
2026-04-28 20:10:23
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-353 HIGH 2026

Referanslar

https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5 https://github.com/openclaw/openclaw/security/advisories/GHSA-3vvq-q2qc-7rmp https://www.vulncheck.com/advisories/openclaw-missing-integrity-verification-in-package-downloads