CVE-2026-62192
OpenClaw · OpenClaw
The OpenClaw platform contains an incorrect authorization vulnerability that allows authenticated users to trigger unauthorized state changes.
Executive summary
An incorrect authorization flaw in OpenClaw allows authenticated attackers to perform unauthorized operations, potentially leading to critical system impacts.
Vulnerability
This is an incorrect authorization vulnerability (CWE-863) where an authenticated user can bypass intended security constraints to perform unauthorized write or administrative actions.
Business impact
The ability for an authenticated user to bypass authorization logic can lead to severe operational disruptions or unauthorized system changes. With a CVSS score of 8.1, this vulnerability poses a high risk to the stability and security of the affected environment.
Remediation
Immediate Action: Upgrade the OpenClaw software to version 2026.6.9 or later.
Proactive Monitoring: Review audit logs for suspicious activity originating from authenticated user accounts, specifically focusing on unauthorized configuration or data modification attempts.
Compensating Controls: Restrict access to the application via network-level controls or WAF rules to limit exposure while the update is being prepared.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Organizations utilizing OpenClaw must treat this vulnerability with high urgency. Applying the provided update to version 2026.6.9 is the only effective way to remediate the underlying authorization bypass and secure the application against authenticated attackers.