PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62196 OpenClaw CVE debrief

CVE-2026-62196 is an authorization bypass vulnerability in OpenClaw versions 2026.3.22 before 2026.6.6. The vulnerability allows attackers with lower-trust access to perform actions requiring stronger authorization by leveraging group ID validation in the affected feature. OpenClaw's WhatsApp group IDs can satisfy elevated sender allowlists. This vulnerability has a high severity with a CVSS score of 8.7. Users of OpenClaw should verify their versions and apply patches or updates to version 2026.6.6 or later.

Vendor
OpenClaw
Product
Unknown
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of OpenClaw versions 2026.3.22 before 2026.6.6 should be aware of this authorization bypass vulnerability. Attackers with lower-trust access can exploit this vulnerability to perform actions requiring stronger authorization. It is recommended that users verify their OpenClaw versions and apply patches or updates to version 2026.6.6 or later. OpenClaw operators, administrators, and security teams should review and implement compensating controls.

Technical summary

The vulnerability is caused by the improper validation of WhatsApp group IDs in OpenClaw versions 2026.3.22 before 2026.6.6. This allows attackers to bypass authorization and perform actions requiring stronger authorization. The affected product is OpenClaw, and the vulnerability has a high severity with a CVSS score of 8.7. OpenClaw's WhatsApp group IDs can satisfy elevated sender allowlists, enabling lower-trust access to perform actions requiring stronger authorization.

Defensive priority

High

Recommended defensive actions

  • Inventory and verify OpenClaw versions 2026.3.22 before 2026.6.6
  • Apply patches or updates to OpenClaw version 2026.6.6 or later
  • Monitor for suspicious activity related to WhatsApp group IDs
  • Implement compensating controls to restrict access to sensitive features
  • Review OpenClaw configuration and WhatsApp group ID validation
  • Verify OpenClaw version and update to 2026.6.6 or later
  • Track and analyze WhatsApp group ID usage for potential abuse

Evidence notes

The CVE record was published on 2026-07-13T22:16:51.243Z and has not been modified since then. The NVD entry is currently Received. There is limited evidence available to support the vulnerability description. Further verification is needed to confirm the affected scope and severity. The source corpus provides limited detail, and defenders should verify OpenClaw versions and WhatsApp group ID validation.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T22:16:51.243Z and has not been modified since then.