CVE-2026-62229
Received Received - Intake

Authorization Bypass in OpenClaw via Glob Matching

Vulnerability report for CVE-2026-62229, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-17

Last updated on: 2026-07-17

Assigner: VulnCheck

Description

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized actions when the affected feature is enabled.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-17
Last Modified
2026-07-17
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.5.18 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-62229 is an authorization bypass vulnerability in OpenClaw before version 2026.5.18. It involves improper glob matching in the exec allowlist, allowing lower-trust callers to execute actions beyond their intended authorization scope by crafting input paths that traverse allowlist patterns.

Detection Guidance

To detect this vulnerability, check if your OpenClaw version is prior to 2026.5.18. Run: openclaw --version or check the installed package version. If the feature for exec allowlist glob matching is enabled, review logs for unauthorized path traversal attempts or unexpected command executions.

Impact Analysis

If exploited, this vulnerability could allow unauthorized execution or persistence of actions when the affected feature is enabled. The impact depends on the operator's configuration and whether lower-trust input can reach the affected path. Attackers could gain control over system actions beyond their intended permissions.

Compliance Impact

This vulnerability could potentially impact compliance with GDPR and HIPAA by enabling unauthorized execution or persistence of actions due to improper authorization bypass. If lower-trust callers gain access to restricted features, it may lead to unauthorized data access, modification, or deletion, violating confidentiality and integrity requirements under these regulations.

Mitigation Strategies

Immediately upgrade OpenClaw to version 2026.5.18 or later. If upgrading is not possible, disable the affected exec allowlist glob matching feature or restrict it to trusted operators only. Review and harden channel and tool allowlists to minimize exposure.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-62229. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart