Description
OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Fri, 17 Jul 2026 00:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths. | |
| Title | OpenClaw < 2026.6.5 Authentication Bypass via Admin Tools | |
| First Time appeared |
Openclaw
Openclaw openclaw |
|
| Weaknesses | CWE-862 | |
| CPEs | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
Openclaw
Openclaw openclaw |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-17T00:06:51.394Z
Reserved: 2026-07-13T16:39:22.251Z
Link: CVE-2026-62207
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-862
Missing Authorization