CVE-2026-62217

OpenClaw · OpenClaw

A vulnerability in OpenClaw allows authenticated users to perform unauthorized actions via incorrect authorization checks in the execution approval function.

Executive summary

An incorrect authorization flaw in OpenClaw could allow authenticated attackers to bypass security controls and perform unauthorized operations.

Vulnerability

This vulnerability is categorized as CWE-863, which involves incorrect authorization. An authenticated attacker with low privileges can exploit this flaw to execute unauthorized operations, as the application fails to properly validate the user's permissions during specific approval processes.

Business impact

The exploitation of this vulnerability could lead to significant unauthorized access to sensitive system functions, potentially resulting in data manipulation or administrative compromise. With a CVSS score of 8.8, this high-severity flaw represents a substantial risk to operational integrity, as it allows attackers to escalate their capabilities beyond their intended scope.

Remediation

Immediate Action: Update OpenClaw to version 2026.5.27 or higher to incorporate the necessary authorization fixes.

Proactive Monitoring: Review system access logs for unusual patterns of approval requests or unauthorized function calls originating from low-privileged accounts.

Compensating Controls: Implement strict Web Application Firewall rules to monitor and limit access to administrative or sensitive approval endpoints until the patch is deployed.

Exploitation status

Public Exploit Available: No

Analyst recommendation

The high CVSS score reflects the serious potential for unauthorized privilege usage within the application. Administrators should prioritize updating to the fixed version immediately to prevent potential abuse of the authorization mechanism by malicious insiders or compromised user accounts.