CVE-2026-62194

HIGH

OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install

Title source: cna
STIX 2.1

Description

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate privileges and perform unauthorized actions when the feature is reachable.

References (2)

Core 2
Core References
Vendor Advisory vendor-advisory
GitHub Security Advisory (GHSA-7vrr-rp4x-4g76)
https://github.com/openclaw/openclaw/security/advisories/GHSA-7vrr-rp4x-4g76
Third Party Advisory third-party-advisory
VulnCheck Advisory: OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install
https://www.vulncheck.com/advisories/openclaw-privilege-escalation-via-plugin-install

Scores

CVSS v3 8.8
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-732 CWE-862
Status published
Products (2)
OpenClaw/OpenClaw 2026.5.20 - 2026.6.9
OpenClaw/OpenClaw 2026.6.9
Published Jul 13, 2026
Tracked Since Jul 14, 2026