CVE Catalog

CVE-2026-53810

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.05%

18th percentile - higher than 18% of all known CVEs

Summary

OpenClaw before version 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.

Risk Assessment

This vulnerability poses a risk to organizations by allowing attackers to execute unauthorized code, potentially leading to serious security breaches. Manipulation of metadata could result in the introduction of malicious software into the production environment.

Recommendation

It is recommended to update OpenClaw to version 2026.5.18 or later to mitigate this vulnerability. Additionally, conduct an audit of trusted operator access and monitor any changes to extension metadata.

Original NVD description (English source)

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS