CVE-2026-62191
HIGHOpenClaw 2026.6.6 < 2026.6.8 Authorization Bypass via Message Mutations
Title source: cnaDescription
OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and execute privileged operations when the affected feature is enabled and reachable.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-v7hx-r36p-f68m)
https://github.com/openclaw/openclaw/security/advisories/GHSA-v7hx-r36p-f68m
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw 2026.6.6 < 2026.6.8 Authorization Bypass via Message Mutations
https://www.vulncheck.com/advisories/openclaw-authorization-bypass-via-message-mutations
Scores
CVSS v3
7.1
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Details
CWE
CWE-862
CWE-863
Status
published
Products (2)
OpenClaw/OpenClaw
2026.6.6 - 2026.6.9
OpenClaw/OpenClaw
2026.6.9
Published
Jul 13, 2026
Tracked Since
Jul 14, 2026