PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62188 openclaw CVE debrief

CVE-2026-62188 is an incorrect authorization vulnerability in OpenClaw @openclaw/feishu versions 2026.6.6 and earlier. The Feishu permission tools could ignore per-account disablement settings when the affected feature is enabled and reachable. A lower-trust caller or configured input path could perform actions that should have required a stronger authorization or policy check. The issue is fixed in version 2026.6.9. This vulnerability has a high CVSS score of 8.6, indicating a high severity. Users of OpenClaw @openclaw/feishu versions 2026.6.6 and earlier should apply the patch to prevent potential unauthorized actions.

Vendor
openclaw
Product
feishu
CVSS
HIGH 8.6
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of OpenClaw @openclaw/feishu versions 2026.6.6 and earlier should apply the patch to prevent potential unauthorized actions. This includes reviewing and updating Feishu permission settings, monitoring for suspicious activity, and verifying the patching process. Additionally, defenders should prioritize patching and review compensating controls for exposed systems while remediation is scheduled and verified.

Technical summary

The vulnerability exists in the Feishu permission tools of OpenClaw @openclaw/feishu. When the affected feature is enabled, a lower-trust caller or configured input path could perform actions that require stronger authorization or policy checks. The issue is fixed in version 2026.6.9. Evidence limits suggest that defenders verify the patching process and review compensating controls. The OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability. The Feishu permission tools could ignore per-account disablement settings when the affected feature is enabled and reachable.

Defensive priority

High priority due to the high CVSS score of 8.6 and the potential for unauthorized actions. Defenders should prioritize patching and review compensating controls for exposed systems while remediation is scheduled and verified. Monitoring and detection logs for exposed assets should be reviewed for extra review. Exceptions, retest remediated assets, and close the item only after evidence is documented. Track relevant metrics to ensure the vulnerability is properly managed. The OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability. The Feishu permission tools could ignore per-account disablement settings when the affected feature is enabled and reachable. A lower-trust caller or configured input path could perform actions that should have required a stronger authorization or policy check. The issue is fixed in version 2026.6.9. Evidence limits suggest that defenders verify the patching process and review compensating controls. Users of OpenClaw @openclaw/feishu versions 2026.6.6 and earlier should apply the patch to prevent potential unauthorized actions. This vulnerability has a high CVSS score of 8.6, indicating a high severity. The CVE record was published on 2026-07-13T22:16:49.893Z and has not been modified since then. The NVD entry is currently Received. The OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability. The Feishu permission tools could ignore per-account disablement settings when the affected feature is enabled and reachable. A lower-trust caller or configured input path could perform actions that should have required a stronger authorization or policy check. The issue is fixed in version 2026.6.9. Evidence limits suggest that defenders verify the patching process and review compensating controls. Users of OpenClaw @openclaw/feishu versions 2026.6.6 and earlier should apply the patch to prevent potential unauthorized actions. This vulnerability has a high CVSS score of 8.6, indicating a high severity. The CVE record was published on 2026-07-13T22:16:49.893Z and has not been modified since then. The NVD entry is currently Received. The OpenClaw @/fe

Recommended defensive actions

  • Apply the patch to upgrade to version 2026.6.9 or later
  • Review and update Feishu permission settings
  • Monitor for suspicious activity
  • Verify the patching process
  • Review compensating controls for exposed systems
  • Track exceptions and retest remediated assets
  • Close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-13T22:16:49.893Z and has not been modified since then. The NVD entry is currently Received. The OpenClaw @openclaw/feishu versions 2026.6.6 and earlier contain an incorrect authorization vulnerability. The Feishu permission tools could ignore per-account disablement settings when the affected feature is enabled and reachable. A lower-trust caller or configured input path could perform actions that should have required a stronger authorization or policy check. The issue is fixed in version 2026.6.9. Evidence limits suggest that defenders verify the patching process and review compensating controls.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T22:16:49.893Z and has not been modified since then.