GHSA-v6r2-jh58-xx6w: OpenClaw's marketplace runtime extension metadata could point at unscanned payloads
OpenClaw's marketplace runtime extension metadata in versions prior to 2026.5.18 could reference unscanned payloads, allowing a trusted operator's selected package to redirect runtime loading to hidden content that bypasses expected scanning. This vulnerability affects the specific feature and configuration related to runtime extension metadata and does not alter the trusted-operator security model. The impact depends on the operator's configuration and whether lower-trust inputs can access the vulnerable path. The issue is patched in version 2026.5.18. Until patched, mitigation includes installing only trusted plugins, maintaining explicit plugin allowlists, narrowing channel and tool allowlists, avoiding shared Gateways between untrusted users, and disabling the affected feature if not needed.
AI Analysis (machine-generated threat intelligence)
Technical Summary
The vulnerability in OpenClaw (CVE-2026-53810) involves marketplace runtime extension metadata that can point to unscanned payloads. This allows a package selected by a trusted operator to redirect runtime loading toward hidden package content that was not scanned as expected. The vulnerability is scoped to a specific feature and configuration and does not affect the overall trusted-operator model. The practical impact depends on the operator's configuration and the exposure of the vulnerable feature to lower-trust inputs. The first stable patched version is 2026.5.18.
Potential Impact
When the affected feature is enabled and reachable, plugin code outside the reviewed package entry points could be loaded, potentially bypassing scanning controls. The severity is high due to the potential for unauthorized code execution or loading of unreviewed code, but actual impact depends on the deployment configuration and trust boundaries in place.
Mitigation Recommendations
A fix is available in OpenClaw version 2026.5.18. Users should upgrade to this version to remediate the vulnerability. Until patched, only install trusted plugins and maintain explicit plugin allowlists. Additionally, narrow channel and tool allowlists, avoid sharing a Gateway between mutually untrusted users, and disable the affected feature if it is not required.
Technical Details
- GCVE source: db.gcve.eu
- OSV ID: GHSA-v6r2-jh58-xx6w
- OSV schema version: 1.4.0
- Aliases: CVE-2026-53810
- Ecosystems: npm
- Database-specific severity: HIGH
- CVSS version: 4.0
Threat ID: 6a46ecd227e9c7971943f340
Added to database: 07/02/2026, 22:57:22 UTC
Last enriched: 07/02/2026, 23:21:47 UTC
Last updated: 07/02/2026, 23:21:47 UTC