Tag
OpenClaw before 2026.4.9 is vulnerable to an authentication bypass, allowing attackers to auto-enable malicious workspace plugins during non-interactive onboarding, leading to potential arbitrary code execution and data compromise.