Description
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Mon, 13 Jul 2026 21:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled. | |
| Title | OpenClaw < 2026.6.6 Policy Bypass via CDP Discovery | |
| First Time appeared |
Openclaw
Openclaw openclaw |
|
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
Openclaw
Openclaw openclaw |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-13T21:30:18.191Z
Reserved: 2026-07-13T16:38:58.353Z
Link: CVE-2026-62197
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-918
Server-Side Request Forgery (SSRF)