CVE-2026-62223
Received Received - Intake

Authorization Bypass in OpenClaw Device Pairing

Vulnerability report for CVE-2026-62223, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulnCheck

Description

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows lower-trust callers to execute actions beyond their intended authorization. Attackers can exploit misconfigured input paths to execute or persist unauthorized actions when the affected feature is enabled and reachable.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.5.18 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

OpenClaw before version 2026.5.18 has an authorization bypass flaw in the device-pair approval feature. This allows users with lower trust levels to perform actions they are not authorized to execute by exploiting misconfigured input paths when the vulnerable feature is enabled and accessible.

Detection Guidance

Check OpenClaw version with command: openclaw --version. If version is before 2026.5.18, the system is vulnerable. Inspect device-pair approval feature logs for unusual activity or unauthorized actions.

Impact Analysis

Attackers could exploit this to execute unauthorized actions or persist malicious activities on affected systems. If the vulnerable feature is reachable, it may allow privilege escalation or unauthorized data access depending on the system configuration.

Compliance Impact

This vulnerability could lead to unauthorized access or data breaches, which may violate compliance requirements such as GDPR or HIPAA. Organizations using affected OpenClaw versions may face regulatory penalties if unauthorized data exposure occurs.

Mitigation Strategies

Upgrade OpenClaw to version 2026.5.18 or later immediately. If upgrading is not possible, disable the device-pair approval feature or restrict access to trusted operators only.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-62223. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart