How the CVE Works
This vulnerability allows arbitrary code execution during the installation of local plugins or hooks in OpenClaw. The flaw resides in the package installer, which copies a local plugin/hook directory to a temporary staging area and runs `npm install --omit=dev --silent --ignore-scripts`. Crucially, OpenClaw does not strip or sanitize the `.npmrc` file from the project root, and npm reads this project-level `.npmrc` during installation. An attacker can craft a malicious plugin directory containing a `.npmrc` file that overrides the `git` executable path (e.g., `git=calc.exe` or a path to a malicious binary). If the plugin's `package.json` includes a git dependency (e.g., a `git+file://` URL), npm invokes the attacker-specified program instead of the system git when resolving that dependency. This execution occurs during the installation phase, before the plugin is loaded or trusted. The issue is triggered via `openclaw plugins install` or `openclaw hooks install <local-path>`. The use of `--ignore-scripts` was intended to mitigate risk, but it does not prevent npm from honoring the `.npmrc` configuration, leaving the installer vulnerable to supply-chain and local command execution attacks.
Platform: OpenClaw
Version: 2026.3.13-1 – 2026.3.23
Vulnerability: Git Executable Hijack
Severity: High
Date: 2026-03-31
Prediction: Fixed in 2026.3.24
What Undercode Says:
Analysis shows the attack relies on npm's configuration precedence: the project-level `.npmrc` shipped inside the plugin directory is honored during `npm install`. The PoC structure is as follows:
Malicious package structure:
testpoc/pkg/
├── .npmrc
├── package.json
└── sample-hook/
    ├── HOOK.md
    └── handler.js

.npmrc content:
git=/path/to/malicious_binary

package.json snippet:
{
  "dependencies": {
    "probe-git-dep": "git+file:///path/to/repo"
  }
}

Trigger command:
openclaw hooks install testpoc/pkg
The code executes `npm install` in `src/infra/install-package-dir.ts:188-199` without sanitizing the environment, allowing npm to read the attacker's `.npmrc`.
How Exploit:
1. Create a malicious package with a `.npmrc` setting `git=calc.exe` (or `/bin/malware`).
2. Ensure `package.json` contains a git dependency.
3. User runs `openclaw plugins install`.
4. OpenClaw copies the directory to `stageDir` and runs `npm install`.
5. Npm reads `.npmrc` and overrides the git path.
6. Npm resolves the git dependency and executes the malicious binary.
Protection from this CVE
- Upgrade to OpenClaw 2026.3.24 or later.
- Avoid installing local plugins/hooks from untrusted sources.
- Manually inspect `.npmrc` and `package.json` in local packages before installation.
- Consider using a wrapper script to sanitize or block `.npmrc` files during install.
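As an added example of the pre-install check the wrapper-script mitigation above calls for (not OpenClaw's own code), the TypeScript below flags `.npmrc` keys that redirect npm to an external executable and `package.json` dependencies that npm resolves through git. The `EXEC_KEYS` list, the `GIT_SPEC` heuristic and the `assessPluginDir` function are constructed for this example.

```typescript
import { existsSync, readFileSync } from "fs";
import { join } from "path";

// npm config keys whose value npm executes as a program during `npm install`;
// `git` is the key abused here (constructed starting list, extend as needed).
const EXEC_KEYS = new Set(["git"]);
// Dependency specs npm fetches through the configured git command
// (git+<proto>:, git:, hosted shorthands). Constructed heuristic, not npm's parser.
const GIT_SPEC = /^(git(\+[a-z]+)?:|github:|gitlab:|bitbucket:|[\w.-]+\/[\w.-]+(#.*)?$)/i;

// Parse the ini-style .npmrc and return "key=value" for keys that redirect npm
// to an executable. Comments (# or ;) and lines without '=' are ignored.
export function scanNpmrc(content: string): string[] {
  const hits: string[] = [];
  for (const raw of content.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const eq = line.indexOf("=");
    if (eq < 0) continue;
    const key = line.slice(0, eq).trim().toLowerCase();
    if (EXEC_KEYS.has(key)) hits.push(`${key}=${line.slice(eq + 1).trim()}`);
  }
  return hits;
}

// Return "field.name = spec" for git-resolved dependencies. devDependencies are
// skipped because the installer runs with --omit=dev, so npm never resolves them.
export function findGitDependencies(pkg: Record<string, unknown>): string[] {
  const hits: string[] = [];
  for (const field of ["dependencies", "optionalDependencies"]) {
    const deps = pkg[field];
    if (!deps || typeof deps !== "object") continue;
    for (const [name, spec] of Object.entries(deps as Record<string, unknown>)) {
      if (typeof spec === "string" && GIT_SPEC.test(spec)) hits.push(`${field}.${name} = ${spec}`);
    }
  }
  return hits;
}

// Inspect a local plugin/hook directory before handing it to the installer.
// Any returned finding is reason to refuse the install or review the package.
export function assessPluginDir(dir: string): string[] {
  const hits: string[] = [];
  const npmrc = join(dir, ".npmrc");
  if (existsSync(npmrc)) hits.push(...scanNpmrc(readFileSync(npmrc, "utf8")).map((h) => `.npmrc: ${h}`));
  const pkgPath = join(dir, "package.json");
  if (existsSync(pkgPath)) {
    const pkg = JSON.parse(readFileSync(pkgPath, "utf8")) as Record<string, unknown>;
    hits.push(...findGitDependencies(pkg).map((h) => `package.json: ${h}`));
  }
  return hits;
}
```

Run `assessPluginDir("<local-path>")` on the directory you are about to pass to `openclaw plugins install` or `openclaw hooks install`; a `.npmrc` git override together with a git dependency is exactly the combination this CVE abuses.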
Impact
Arbitrary code execution at installation time, bypassing `--ignore-scripts`. Attackers can compromise user systems by tricking them into installing a malicious local plugin or hook. This violates trust boundaries, as execution occurs before plugin validation.
Sources:
Reported By: github.com