PatchSiren cyber security CVE debrief
CVE-2026-62186 OpenClaw CVE debrief
OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. This vulnerability can be exploited by attackers to bypass admin authorization policies and execute restricted operations. The vulnerability has a high severity with a CVSS score of 7.2. Users and administrators should review the CVE and NVD details for further information.
- Vendor
- OpenClaw
- Product
- Unknown
- CVSS
- HIGH 7.2
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of OpenClaw versions before 2026.6.8, administrators, and security teams should be aware of this vulnerability and take steps to mitigate it. The vulnerability can be exploited by attackers to bypass admin authorization policies and execute restricted operations. Reviewing the CVE and NVD details is recommended.
Technical summary
The vulnerability is caused by a misconfigured input path that allows attackers to bypass admin authorization policies and execute restricted operations. The CVSS score for this vulnerability is 7.2, indicating a high severity. The OpenClaw versions before 2026.6.8 are affected by this vulnerability. Users and administrators should review the input paths and implement additional authorization checks for sensitive operations.
Defensive priority
High
Recommended defensive actions
- Update OpenClaw to version 2026.6.8 or later
- Review and correct input paths to prevent authorization bypass
- Implement additional authorization checks for sensitive operations
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Check relevant monitoring, detection, and logs for exposed assets that need extra review
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
Evidence notes
The CVE record was published on 2026-07-13T22:16:49.607Z and has not been modified since then. The NVD entry is currently Received. The OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides. Users and administrators should verify the affected scope and take steps to mitigate the vulnerability. Evidence is limited to CVE and NVD details.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T22:16:49.607Z and has not been modified since then. The NVD entry is currently Received.