CVE-2026-62194
HIGHOpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install
Title source: cnaDescription
OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate privileges and perform unauthorized actions when the feature is reachable.
References (2)
Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-7vrr-rp4x-4g76)
https://github.com/openclaw/openclaw/security/advisories/GHSA-7vrr-rp4x-4g76
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install
https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-plugin-install
Scores
CVSS v3
8.8
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-732
CWE-862
Status
published
Products (2)
OpenClaw/OpenClaw
2026.5.20 - 2026.6.9
OpenClaw/OpenClaw
2026.6.9
Published
Jul 13, 2026
Tracked Since
Jul 14, 2026