PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62191 OpenClaw CVE debrief

CVE-2026-62191 is an authorization bypass vulnerability in OpenClaw versions 2026.6.6 before 2026.6.9. The vulnerability allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and execute privileged operations when the affected feature is enabled and reachable. This vulnerability has a high severity with a CVSS score of 7.1.

Vendor
OpenClaw
Product
Unknown
CVSS
HIGH 7.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of OpenClaw versions 2026.6.6 before 2026.6.9 should be aware of this authorization bypass vulnerability and take steps to mitigate it. Affected operators, platform administrators, vulnerability management teams, and security teams should review the vulnerability details and implement necessary controls.

Technical summary

The vulnerability is caused by an authorization bypass in message mutation handling in OpenClaw versions 2026.6.6 before 2026.6.9. This allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and execute privileged operations when the affected feature is enabled and reachable. Affected operators and platform administrators should verify OpenClaw versions and review official advisories for guidance on mitigating this high-severity vulnerability with a CVSS score of 7.1. Evidence is limited; defenders should validate affected scope and implement necessary controls.

Defensive priority

High

Recommended defensive actions

  • Inventory and verify affected OpenClaw versions
  • Apply vendor patches or updates
  • Monitor for suspicious activity
  • Implement compensating controls
  • Review and update authorization checks
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-13T22:16:50.310Z and has not been modified since then. The NVD entry is currently Received. There is limited evidence available to confirm affected scope and severity. Defenders should verify OpenClaw versions 2026.6.6 before 2026.6.9 for potential exposure and review official advisories for guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T22:16:50.310Z and has not been modified since then. The NVD entry is currently Received.