
CVE-2026-35641: OpenClaw .npmrc credential exfiltration and arbitrary code execution (CVSS 8.4)

CVSS 8.4 vulnerability targeting .npmrc files during local plugin installation. Scoped credentials and custom registry entries from plugin-directory .npmrc files were not sanitized, enabling credential theft and arbitrary code execution. Remotely exploitable on unauthenticated instances.
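A defensive check for the condition described above, as an added example (not OpenClaw's code or its patch): it flags and strips custom registry entries and credential keys from a plugin directory's .npmrc before an installer reads it. The key patterns, function names and sample file are assumptions of this example.

```python
import re

# Key shapes named in the advisory summary: custom registry entries and
# scoped credentials. The exact pattern list is an assumption of this example.
RISKY_KEYS = [
    ("registry-override", re.compile(r"^registry$")),
    ("scoped-registry", re.compile(r"^@[^:/]+:registry$")),
    ("credential", re.compile(r"^(//.+:)?(_authToken|_auth|_password|username)$")),
]

def classify(line):
    """Return (kind, key) if the line sets a risky key, else None."""
    stripped = line.strip()
    if not stripped or stripped[0] in "#;" or "=" not in stripped:
        return None  # blank line, comment, or not a key=value setting
    key = stripped.split("=", 1)[0].strip()
    for kind, pattern in RISKY_KEYS:
        if pattern.match(key):
            return kind, key
    return None

def audit_npmrc(text):
    """List (line_number, kind, key) per risky entry; values are never echoed."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        hit = classify(line)
        if hit:
            findings.append((number, *hit))
    return findings

def sanitize_npmrc(text):
    """Drop risky entries, keep comments and harmless settings."""
    return "\n".join(l for l in text.splitlines() if classify(l) is None)

# Constructed sample; registry.example.test and the token are placeholders.
SAMPLE = """\
; plugin-local settings
save-exact=true
registry=https://registry.example.test/
@acme:registry=https://registry.example.test/
//registry.example.test/:_authToken=PLACEHOLDER_TOKEN
"""

if __name__ == "__main__":
    for number, kind, key in audit_npmrc(SAMPLE):
        print(f"line {number}: {kind}: {key}")
```
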

Product Idea from this Signal

A pre-publish scanner that strips source maps, secrets, and internal code from npm packages before they ship to the registry


Anthropic accidentally shipped 512K lines of Claude Code source code via an npm source map file that was never meant to be public. This happens constantly because .npmignore and package.json files fields are easy to misconfigure. The repo got 100K+ stars in days as people reversed the entire codebase. This tool scans your npm package before publish, catches source maps, leaked environment variables, internal documentation, and accidentally included files, then blocks the publish until you fix it.

SECURITY CLI DEVTOOL NPM OPEN-SOURCE
Competitive, 40 leads
Product Idea from this Signal

A security service that auto-patches OpenClaw CVEs within hours of disclosure before attackers exploit them


OpenClaw shipped 9 CVEs in 4 days (March 2026) including a CVSS 9.9 privilege escalation affecting 135K+ exposed instances. Most operators have no way to know which CVEs affect their version, no automated patching, and no coordination between the flood of advisories (156+ total) and their actual attack surface. This tool continuously monitors CVE feeds, maps each advisory to your installed version and enabled features, and applies safe mitigations automatically while queuing risky patches for human approval.

SECURITY CLI DEVTOOL OPEN-SOURCE SYSADMIN
Competitive

Score Breakdown

Issues: 84