CVE-2026-53810
8.8 HIGH
Published: 2026-06-11 · Last updated: 2026-06-11
Severity and scoring
- CVSS: 8.8 HIGH
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- CWE: CWE-829
Description
OpenClaw before 2026.5.18 contains a code execution vulnerability where marketplace runtime extension metadata can redirect loading toward unscanned package payloads. Attackers with trusted operator access can manipulate extension metadata to load plugin code outside reviewed package entry points, bypassing security scanning.
Source: NVD
Related CVEs
Same CWE
- CVE-2026-52858 — Vim is an open source, command line text editor
- CVE-2026-47174 — In Duck Site before version 1.0.1, the repository has a deploy workflow that runs after the build workflow completes
- CVE-2026-47172 — Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support
- CVE-2026-46529 — Atril Document Viewer is the default document reader of the MATE desktop environment for Linux
- CVE-2026-47292 — Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally (7.8 HIGH)