CVE-2026-62218
Received Received - Intake

Authorization Bypass in OpenClaw 2026.1.20

Vulnerability report for CVE-2026-62218, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulnCheck

Description

OpenClaw 2026.1.20 before 2026.5.27 contain an authorization bypass vulnerability in the device.pair.approve feature that allows lower-trust callers to bypass role-management checks. Attackers can perform actions requiring stronger authorization by reaching the affected feature through configured input paths.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw From 2026.1.20 (inc) to 2026.5.27 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-62218 is an authorization bypass vulnerability in OpenClaw versions 2026.1.20 to 2026.5.27. It affects the device.pair.approve feature, allowing lower-trust callers to bypass role-management checks and perform actions requiring stronger authorization by exploiting configured input paths.

Detection Guidance

To detect this vulnerability, check the version of OpenClaw installed on your system. If it is between 2026.1.20 and 2026.5.26, the system is vulnerable. Run commands like 'openclaw --version' or check package managers for installed versions.

Impact Analysis

Attackers with lower privileges could exploit this to execute unauthorized actions that require higher authorization levels. This could lead to data breaches, unauthorized system changes, or service disruptions depending on the affected system's configuration and the actions performed.

Compliance Impact

This vulnerability could lead to unauthorized access or actions due to improper privilege management and missing authorization checks. For GDPR, it may violate principles of data protection by design and default (Article 25) and data integrity (Article 32). For HIPAA, it risks unauthorized access to protected health information, violating the Security Rule's access controls (45 CFR Β§ 164.312(a)(1)). The severity of the vulnerability suggests potential non-compliance with these standards.

Mitigation Strategies

Immediately upgrade OpenClaw to version 2026.5.27 or later. If upgrading is not possible, restrict access to the device.pair.approve feature to trusted operators only or disable it entirely.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-62218. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart