← All CVEs

CVE-2026-53810

HIGH 7.7

Published 2026-06-11 · Last modified 2026-06-23

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.

ELEVATED IMPACT

Severe if exploited (CVSS 7.7), but no known exploitation and low modeled probability. Patch on a normal cadence.

Exploitation likelihood

0.4%chance of exploitation in 30 days · 34th percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

7.7CVSS 4.0 · HIGH

  • ConfidentialityHigh
  • IntegrityHigh
  • AvailabilityHigh

What an attacker needs

  • Access: Reachable over the network — no local access needed
  • Privileges: No account or privileges required
  • User interaction: Succeeds with passive user activity
  • Complexity: No special conditions — reliably repeatable
  • Requirements: Specific conditions must be present

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors Openclaw

Products Openclaw

Weakness (CWE)

  • CWE-829

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Sources: NVD · CVE.org · EPSS