Severity: HIGH | CVE-2026-53810 | CNA: VulnCheck

CVE-2026-53810: OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata

OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.

Metrics

CVSS v4.0: 7.7
Severity: HIGH
Fixed in: 2026.5.18
Affected Products: 1


HarborGuard Analysis

Synopsis

This is an arbitrary code execution vulnerability in OpenClaw versions before 2026.5.18. An attacker who already has trusted operator access can manipulate marketplace runtime extension metadata to redirect the plugin loader toward unscanned package payloads, bypassing security scanning controls. Successful exploitation gives the attacker full code execution within the OpenClaw runtime. A patched-image rebuild at version 2026.5.18 is available on HarborGuard for affected environments.
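To make the flaw class concrete, the following is an added illustrative plugin-loader guard, not OpenClaw's code: the manifest and metadata shapes, file layout and function names are assumptions. It refuses to execute an entry point the security scan did not cover, whether the metadata points outside the package root, at a shipped-but-unscanned file, or at a file altered since scanning.

```python
import hashlib
import tempfile
from pathlib import Path


class UnscannedEntryPoint(Exception):
    """Raised when extension metadata points at code the scan did not cover."""


def resolve_entry_point(package_root: Path, scan_manifest: dict, metadata: dict) -> Path:
    """Accept the metadata entry point only if it lies inside the reviewed package
    and its digest matches the scanner's record (manifest/metadata shapes are assumed)."""
    root = package_root.resolve()
    candidate = (root / metadata["entry"]).resolve()
    # 1. Stay inside the scanned package: "../x.py" or an escaping symlink fails here.
    if root not in candidate.parents:
        raise UnscannedEntryPoint("entry resolves outside the package root")
    rel = candidate.relative_to(root).as_posix()
    # 2. Only files the scanner actually reviewed may be loaded.
    expected = scan_manifest["files"].get(rel)
    if expected is None:
        raise UnscannedEntryPoint(f"{rel} is not in the scan manifest")
    # 3. And they must be byte-identical to what was scanned.
    if hashlib.sha256(candidate.read_bytes()).hexdigest() != expected:
        raise UnscannedEntryPoint(f"{rel} changed since it was scanned")
    return candidate


def _verdict(root: Path, manifest: dict, metadata: dict) -> str:
    try:
        resolve_entry_point(root, manifest, metadata)
        return "loaded"
    except UnscannedEntryPoint:
        return "rejected"


def demo() -> dict:
    """Constructed sample package; returns the loader's verdict for four metadata variants."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "pkg"
        (root / "ext").mkdir(parents=True)
        (root / "ext" / "main.py").write_text("print('reviewed entry')\n")
        (root / "ext" / "extra.py").write_text("print('shipped but never scanned')\n")
        (Path(tmp) / "payload.py").write_text("print('outside the package')\n")
        scanned = hashlib.sha256((root / "ext" / "main.py").read_bytes()).hexdigest()
        manifest = {"files": {"ext/main.py": scanned}}  # only main.py was reviewed
        results = {
            "reviewed": _verdict(root, manifest, {"entry": "ext/main.py"}),
            "unscanned_file": _verdict(root, manifest, {"entry": "ext/extra.py"}),
            "outside_root": _verdict(root, manifest, {"entry": "../payload.py"}),
        }
        (root / "ext" / "main.py").write_text("print('modified after scan')\n")
        results["tampered"] = _verdict(root, manifest, {"entry": "ext/main.py"})
    return results
```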

HarborGuard Coverage

Detection: Available

Detection of CVE-2026-53810 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle OpenClaw. Coverage applies to images in both connected registries and active CI/CD pipelines.

Triage: Available

HarborGuard triage is available with CVSS v4.0 scoring at 7.7 (HIGH), weighted against each environment's compliance policy to determine urgency and blast-radius context. Findings are routed to the appropriate team inbox within each customer organization based on configured ownership rules.

Patch: Available

A patched-image rebuild at OpenClaw 2026.5.18 becomes available in HarborGuard as soon as the fix version is confirmed in the upstream package feed. For customers with auto-remediation enabled, HarborGuard can perform the rebuild, run a regression test suite, and open a PR against affected workloads automatically.

Exploit Conditions

  • Network reachability: Required

    The vulnerable OpenClaw marketplace extension endpoint must be reachable over the network for an attacker to deliver manipulated metadata.

  • Authentication: Required

    The attacker must hold an account with trusted operator-level access; no further privilege is needed, so an otherwise low-privilege account that carries operator trust is sufficient.

  • Victim interaction: Required

    A user or process must trigger extension loading after the metadata has been manipulated, providing the social-engineering or workflow-abuse vector.

  • Attack complexity: Detail

    The exploit is reliable under standard conditions, though the CVSS v4.0 Attack Requirements metric (AT:P) notes that a specific deployment configuration or trust relationship must be present for the attack path to succeed.

Blast Radius

  • Attacker executes arbitrary code within the OpenClaw runtime process, outside any reviewed or scanned entry point.
  • Attacker reads sensitive data accessible to the OpenClaw process, including stored credentials, tokens, or configuration files (VC:H).
  • Attacker modifies application state, persisted data, or runtime behavior controlled by the OpenClaw process (VI:H).
  • Attacker can crash or destabilize the OpenClaw runtime, disrupting any service or workload depending on it (VA:H).

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-53810 is active across connected registries and pipelines, matching against any image that packages OpenClaw below 2026.5.18. For environments where auto-remediation is enabled and compliance policy permits, HarborGuard can trigger a rebuild at the fixed version 2026.5.18, run regression tests against the rebuilt image, and open a PR targeting affected workloads. For high-severity CVEs, the median time from publication to a merged patch PR in auto-remediation-enabled environments is around 90 minutes. Where auto-remediation is not enabled, the finding is surfaced in the triage queue with CVSS context so that engineering teams can manually promote the upgrade. Until the patched image is deployed, consider restricting operator-level access to the OpenClaw marketplace extension mechanism and applying network policy to limit which services can reach the extension metadata endpoint.


Fix available: 2026.5.18

Affected packages
  • OpenClaw / OpenClaw
    < 2026.5.18 (from 0)
    Fixed in 2026.5.18

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N