CVE-2026-62223

OpenClaw · OpenClaw

An incorrect authorization vulnerability in OpenClaw allows authenticated users to bypass security checks during the device pairing process.

Executive summary

An incorrect authorization flaw in OpenClaw enables authenticated users to bypass security restrictions during device pairing, posing a high risk to system integrity.

Vulnerability

This vulnerability is categorized as CWE-863, representing an incorrect authorization flaw. An authenticated user with low privileges can manipulate the device pairing process because the application performs insufficient validation of the user's authorization level during this specific operation.

Business impact

Successful exploitation allows unauthorized entities to pair devices with the system, leading to potential unauthorized data access or control over system resources. The CVSS score of 8.8 underscores the severity of this vulnerability, as it compromises the core authorization logic governing how new devices are integrated into the trusted environment.

Remediation

Immediate Action: Update OpenClaw to version 2026.5.18 or newer to resolve the authorization logic error.

Proactive Monitoring: Review security logs for irregular device pairing requests or unauthorized access attempts from standard user accounts.

Compensating Controls: Restrict access to the device management interface to trusted internal networks only until the security patch is verified and applied.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Organizations should prioritize upgrading to the latest version of OpenClaw to remediate this authorization defect. Failure to patch leaves the system vulnerable to unauthorized device pairing, which could be used as a vector for further network exploitation.