CVE-2026-62190

HIGH

OpenClaw < 2026.6.9 Authorization Bypass via flock wrapper

Title source: cna
STIX 2.1

Description

OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform unauthorized operations when the affected feature is enabled.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-3fp5-v549-9v66)
https://github.com/openclaw/openclaw/security/advisories/GHSA-3fp5-v549-9v66
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.6.9 Authorization Bypass via flock wrapper
https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-flock-wrapper

Scores

CVSS v3 8.8
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-706 CWE-863
Status published
Products (2)
OpenClaw/OpenClaw < 2026.6.9
OpenClaw/OpenClaw 2026.6.9
Published Jul 13, 2026
Tracked Since Jul 14, 2026