Description
OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized actions when the affected feature is enabled.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Fri, 17 Jul 2026 00:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized actions when the affected feature is enabled. | |
| Title | OpenClaw < 2026.5.18 Authorization Bypass via Glob Matching | |
| First Time appeared |
Openclaw
Openclaw openclaw |
|
| Weaknesses | CWE-22 | |
| CPEs | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
Openclaw
Openclaw openclaw |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-17T00:07:06.340Z
Reserved: 2026-07-13T16:40:10.961Z
Link: CVE-2026-62229
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T02:15:04Z
Weaknesses
-
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')