{"document":{"category":"csaf_vex","csaf_version":"2.0","title":"CVE-2026-53810: OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata","publisher":{"category":"vendor","name":"HarborGuard Database","namespace":"https://database.harborguard.co"},"tracking":{"id":"CVE-2026-53810","status":"final","version":"1","initial_release_date":"2026-06-11T20:07:04.630Z","current_release_date":"2026-06-13T03:55:34.981Z","revision_history":[{"date":"2026-06-11T20:07:04.630Z","number":"1","summary":"Initial machine-readable export from HarborGuard."}]},"distribution":{"tlp":{"label":"WHITE"},"text":"Public CVE data; freely redistributable."},"notes":[{"category":"description","text":"OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.","title":"CVE description"}],"references":[{"category":"self","summary":"CVE-2026-53810 on HarborGuard Database","url":"https://database.harborguard.co/cve/CVE-2026-53810"},{"category":"external","summary":"CVE Record","url":"https://www.cve.org/CVERecord?id=CVE-2026-53810"},{"category":"external","summary":"GitHub Security Advisory (GHSA-v6r2-jh58-xx6w)","url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v6r2-jh58-xx6w"},{"category":"external","summary":"vulncheck.com","url":"https://www.vulncheck.com/advisories/openclaw-arbitrary-code-execution-via-unscanned-marketplace-runtime-extension-metadata"}]},"product_tree":{"branches":[{"category":"vendor","name":"OpenClaw","branches":[{"category":"product_name","name":"OpenClaw","branches":[{"category":"product_version_range","name":"<2026.5.18","product":{"name":"OpenClaw OpenClaw <2026.5.18","product_id":"CSAFPID-1","product_identification_helper":{"cpe":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*"}}},{"category":"product_version","name":"2026.5.18","product":{"name":"OpenClaw OpenClaw 2026.5.18","product_id":"CSAFPID-2","product_identification_helper":{"cpe":"cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*"}}}]}]}]},"vulnerabilities":[{"cve":"CVE-2026-53810","title":"OpenClaw < 2026.5.18 - Arbitrary Code Execution via Unscanned Marketplace Runtime Extension Metadata","notes":[{"category":"description","text":"OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.","title":"CVE description"}],"product_status":{"known_affected":["CSAFPID-1"],"fixed":["CSAFPID-2"]},"scores":[{"cvss_v4":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N","baseScore":7.7,"baseSeverity":"HIGH"},"products":["CSAFPID-1"]}],"remediations":[{"category":"vendor_fix","details":"Update to a fixed version: 2026.5.18.","product_ids":["CSAFPID-1"],"url":"https://github.com/openclaw/openclaw/security/advisories/GHSA-v6r2-jh58-xx6w"}]}]}