CVE-2026-62192

OpenClaw · OpenClaw

The OpenClaw platform contains an incorrect authorization vulnerability that allows authenticated users to trigger unauthorized state changes.

Executive summary

An incorrect authorization flaw in OpenClaw allows authenticated attackers to perform unauthorized operations, potentially leading to critical system impacts.

Vulnerability

This is an incorrect authorization vulnerability (CWE-863) where an authenticated user can bypass intended security constraints to perform unauthorized write or administrative actions.

Business impact

The ability for an authenticated user to bypass authorization logic can lead to severe operational disruptions or unauthorized system changes. With a CVSS score of 8.1, this vulnerability poses a high risk to the stability and security of the affected environment.

Remediation

Immediate Action: Upgrade the OpenClaw software to version 2026.6.9 or later.

Proactive Monitoring: Review audit logs for suspicious activity originating from authenticated user accounts, specifically focusing on unauthorized configuration or data modification attempts.

Compensating Controls: Restrict access to the application via network-level controls or WAF rules to limit exposure while the update is being prepared.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Organizations utilizing OpenClaw must treat this vulnerability with high urgency. Applying the provided update to version 2026.6.9 is the only effective way to remediate the underlying authorization bypass and secure the application against authenticated attackers.