CVE-2026-62190
HIGHOpenClaw < 2026.6.9 Authorization Bypass via flock wrapper
Title source: cnaDescription
OpenClaw versions before 2026.6.9 contain an authorization bypass vulnerability in the flock wrapper that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can leverage configured input paths to bypass durable exec approval binding and perform unauthorized operations when the affected feature is enabled.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-3fp5-v549-9v66)
https://github.com/openclaw/openclaw/security/advisories/GHSA-3fp5-v549-9v66
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw < 2026.6.9 Authorization Bypass via flock wrapper
https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-flock-wrapper
Scores
CVSS v3
8.8
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-706
CWE-863
Status
published
Products (2)
OpenClaw/OpenClaw
< 2026.6.9
OpenClaw/OpenClaw
2026.6.9
Published
Jul 13, 2026
Tracked Since
Jul 14, 2026