CVE-2026-62207
Received Received - Intake

Authentication Bypass in OpenClaw Before 2026.6.5

Vulnerability report for CVE-2026-62207, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulnCheck

Description

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.6.5 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

OpenClaw versions before 2026.6.5 have an authentication bypass flaw where lower-privileged users can access admin tools by exploiting weak policy checks on input paths. This allows unauthorized actions that require higher authorization levels.

Detection Guidance

To detect this vulnerability, check the version of OpenClaw installed on your system. If it is below 2026.6.5, the system is vulnerable. Use commands like 'openclaw --version' or check package managers (e.g., 'apt list --installed | grep openclaw' or 'yum list installed openclaw').

Inspect network traffic for unauthorized access to admin-scoped tools. Monitor logs for unusual administrative actions performed by lower-privilege users. Ensure policy checks are enforced on all input paths.

Impact Analysis

Attackers could perform administrative actions without proper authorization, leading to unauthorized data access, modifications, or system control. Impact depends on configuration and whether vulnerable paths are exposed to untrusted users.

Compliance Impact

This vulnerability allows unauthorized access to admin tools, potentially enabling data breaches or unauthorized modifications. For GDPR, this could lead to violations of data protection requirements (Article 32) due to insufficient access controls. For HIPAA, it may compromise protected health information integrity and confidentiality (Security Rule Β§164.312).

Mitigation Strategies
  • Upgrade OpenClaw to version 2026.6.5 or later to patch the vulnerability.
  • Restrict access to admin-scoped tools by ensuring only trusted operators can reach them.
  • Disable the affected feature if it is not necessary for operations.
  • Keep allowlists narrow and avoid sharing Gateways with untrusted users.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-62207. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart