CVE-2026-62206
Received Received - Intake

Missing Authorization in OpenClaw Discord Moderation

Vulnerability report for CVE-2026-62206, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulnCheck

Description

OpenClaw versions before 2026.6.9 contain a missing authorization vulnerability in Discord moderation actions. In affected versions, a lower-trust caller or configured input path could perform moderation actions that should have required a stronger authorization or policy check. Practical impact depends on the operator's configuration and whether lower-trust input can reach the affected path.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.6.9 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a missing authorization issue in OpenClaw versions before 2026.6.9. It allows lower-trust callers or input paths to perform Discord moderation actions that should require stronger authorization checks. The flaw is classified under CWE-862 (Missing Authorization).

Detection Guidance

Detection requires checking OpenClaw versions prior to 2026.6.9. Verify installed version via package manager or application logs. Inspect Discord moderation action logs for unauthorized actions or unexpected permissions. Monitor network traffic for suspicious API calls to moderation endpoints.

Impact Analysis

If exploited, an attacker could perform unauthorized moderation actions on Discord servers using OpenClaw. This could lead to unauthorized changes in server settings, channel management, or other moderation actions. The impact depends on the operator's configuration and whether lower-trust input can access the vulnerable path.

Compliance Impact

The vulnerability could potentially impact compliance with GDPR and HIPAA by allowing unauthorized modifications to Discord moderation actions. If exploited, it may lead to unauthorized changes in data handling or access controls, which could violate integrity requirements under these regulations. Practical impact depends on operator configuration and whether lower-trust input can reach the affected path.

Mitigation Strategies

Upgrade OpenClaw to version 2026.6.9 or later immediately. Disable the affected Discord moderation feature if not required. Restrict feature access to trusted operators only. Narrow channel and tool allowlists. Avoid shared Gateways with untrusted users.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-62206. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart