PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62186 OpenClaw CVE debrief

OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. This vulnerability can be exploited by attackers to bypass admin authorization policies and execute restricted operations. The vulnerability has a high severity with a CVSS score of 7.2. Users and administrators should review the CVE and NVD details for further information.

Vendor
OpenClaw
Product
Unknown
CVSS
HIGH 7.2
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of OpenClaw versions before 2026.6.8, administrators, and security teams should be aware of this vulnerability and take steps to mitigate it. The vulnerability can be exploited by attackers to bypass admin authorization policies and execute restricted operations. Reviewing the CVE and NVD details is recommended.

Technical summary

The vulnerability is caused by a misconfigured input path that allows attackers to bypass admin authorization policies and execute restricted operations. The CVSS score for this vulnerability is 7.2, indicating a high severity. The OpenClaw versions before 2026.6.8 are affected by this vulnerability. Users and administrators should review the input paths and implement additional authorization checks for sensitive operations.

Defensive priority

High

Recommended defensive actions

  • Update OpenClaw to version 2026.6.8 or later
  • Review and correct input paths to prevent authorization bypass
  • Implement additional authorization checks for sensitive operations
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-13T22:16:49.607Z and has not been modified since then. The NVD entry is currently Received. The OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides. Users and administrators should verify the affected scope and take steps to mitigate the vulnerability. Evidence is limited to CVE and NVD details.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T22:16:49.607Z and has not been modified since then. The NVD entry is currently Received.