Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1325 CNY

100%
Buy Us a Coffee

CVE-2026-53810— OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata

CVSS 8.8 · High EPSS 0.42% · P33

Possible ATT&CK Techniques 1AI

T1195 · Supply Chain Compromise

Affected Version Matrix 2

VendorProductVersion RangeStatus
OpenClawOpenClaw< 2026.5.18affected
2026.5.18unaffected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-53810

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
从非可信控制范围包含功能例程
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.5.18之前版本存在安全漏洞,该漏洞源于市场运行时扩展元数据可重定向加载到未扫描的包有效载荷,具有可信操作员访问权限的攻击者可操纵扩展元数据,在审查的包入口点之外加载插件代码,绕过安全扫描。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
OpenClawOpenClaw 0 ~ 2026.5.18 -

II. Public POCs for CVE-2026-53810

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-53810

登录查看更多情报信息。

Vendor Advisories for CVE-2026-53810 (2)

Same Patch Batch · OpenClaw · 2026-06-11 · 14 CVEs total

CVE-2026-538068.8 HIGHOpenClaw < 2026.5.12 - Shell Option Parsing Bypass in Exec Revalidation
CVE-2026-538078.8 HIGHOpenClaw < 2026.5.6 - Authorization Bypass in Telegram Interactive Callbacks via commands.
CVE-2026-538118.8 HIGHOpenClaw < 2026.5.7 - Privilege Escalation via Mutable Display Names in Matrix allowFrom
CVE-2026-538178.8 HIGHOpenClaw < 2026.5.22 - Control UI Locality Spoofing in Device Pairing
CVE-2026-538198.8 HIGHOpenClaw < 2026.5.27 - Arbitrary Homebrew Executable Execution via Workspace .env Override
CVE-2026-538148.3 HIGHOpenClaw < 2026.5.20 - Privilege Escalation via Hook-Triggered CLI MCP Tool Authority
CVE-2026-538137.8 HIGHOpenClaw < 2026.4.25 - Arbitrary Artifact Loading via Fake Package Root Resolution
CVE-2026-538127.7 HIGHOpenClaw < 2026.5.18 - Private-Network Navigation Bypass via Browser Act Interactions
CVE-2026-538167.2 HIGHOpenClaw < 2026.5.18 - Exec Lifecycle Event Forgery via Paired Node
CVE-2026-538186.6 MEDIUMOpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback
CVE-2026-538086.5 MEDIUMOpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow
CVE-2026-538156.5 MEDIUMOpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions
CVE-2026-538093.8 LOWOpenClaw < 2026.4.25 - Provider Alias Confusion in Embedded Runner Policy

IV. Related Vulnerabilities

Same product: OpenClaw
Same vendor: OpenClaw
Same weakness: CWE-829

V. Comments for CVE-2026-53810

No comments yet

Leave a comment