CVE-2026-62191

HIGH

OpenClaw 2026.6.6 < 2026.6.8 Authorization Bypass via Message Mutations

Title source: cna
STIX 2.1

Description

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and execute privileged operations when the affected feature is enabled and reachable.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-v7hx-r36p-f68m)
https://github.com/openclaw/openclaw/security/advisories/GHSA-v7hx-r36p-f68m
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw 2026.6.6 < 2026.6.8 Authorization Bypass via Message Mutations
https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-message-mutations

Scores

CVSS v3 7.1
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Details

CWE
CWE-862 CWE-863
Status published
Products (2)
OpenClaw/OpenClaw 2026.6.6 - 2026.6.9
OpenClaw/OpenClaw 2026.6.9
Published Jul 13, 2026
Tracked Since Jul 14, 2026