Attack Chain

1. Attacker identifies a target system running a vulnerable version of OpenClaw (prior to 2026.3.24).
2. Attacker crafts a malicious .npmrc file. This file contains a configuration that overrides the git executable path to point to a malicious binary under attacker control. For example, git=path/to/malicious/executable.
3. The attacker places the crafted .npmrc file in a location where the npm command will recognize it (e.g., the project directory, user’s home directory, or a global configuration directory).
4. The attacker triggers an npm install command execution within a project that processes plugins or hooks.
5. During the npm install process, npm attempts to resolve git dependencies.
6. Due to the .npmrc configuration, npm executes the attacker-controlled “git” executable specified in the .npmrc file instead of the legitimate git binary.
7. The attacker-controlled executable executes arbitrary code on the system.
8. The attacker achieves arbitrary code execution, potentially leading to system compromise, data exfiltration, or other malicious activities.

Impact

Successful exploitation of this vulnerability allows attackers to execute arbitrary code with the privileges of the user running the npm install command. This can lead to complete system compromise, sensitive data leakage, or denial-of-service. While the specific number of victims is unknown, any system running a vulnerable version of OpenClaw is at risk. Sectors most likely to be impacted are those relying on OpenClaw for plugin and hook management.

Recommendation

• Upgrade OpenClaw to version 2026.3.24 or later to patch the vulnerability (CVE-2026-35641).
• Implement file integrity monitoring on .npmrc files to detect unauthorized modifications (file_event log source).
• Monitor process executions where npm spawns child processes from unusual or unexpected paths, especially those outside standard installation directories (process_creation log source). Use the Sigma rule provided below to detect this behavior.