PatchSiren cyber security CVE debrief
CVE-2026-62196 OpenClaw CVE debrief
CVE-2026-62196 is an authorization bypass vulnerability in OpenClaw versions 2026.3.22 before 2026.6.6. The vulnerability allows attackers with lower-trust access to perform actions requiring stronger authorization by leveraging group ID validation in the affected feature. OpenClaw's WhatsApp group IDs can satisfy elevated sender allowlists. This vulnerability has a high severity with a CVSS score of 8.7. Users of OpenClaw should verify their versions and apply patches or updates to version 2026.6.6 or later.
- Vendor
- OpenClaw
- Product
- Unknown
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of OpenClaw versions 2026.3.22 before 2026.6.6 should be aware of this authorization bypass vulnerability. Attackers with lower-trust access can exploit this vulnerability to perform actions requiring stronger authorization. It is recommended that users verify their OpenClaw versions and apply patches or updates to version 2026.6.6 or later. OpenClaw operators, administrators, and security teams should review and implement compensating controls.
Technical summary
The vulnerability is caused by the improper validation of WhatsApp group IDs in OpenClaw versions 2026.3.22 before 2026.6.6. This allows attackers to bypass authorization and perform actions requiring stronger authorization. The affected product is OpenClaw, and the vulnerability has a high severity with a CVSS score of 8.7. OpenClaw's WhatsApp group IDs can satisfy elevated sender allowlists, enabling lower-trust access to perform actions requiring stronger authorization.
Defensive priority
High
Recommended defensive actions
- Inventory and verify OpenClaw versions 2026.3.22 before 2026.6.6
- Apply patches or updates to OpenClaw version 2026.6.6 or later
- Monitor for suspicious activity related to WhatsApp group IDs
- Implement compensating controls to restrict access to sensitive features
- Review OpenClaw configuration and WhatsApp group ID validation
- Verify OpenClaw version and update to 2026.6.6 or later
- Track and analyze WhatsApp group ID usage for potential abuse
Evidence notes
The CVE record was published on 2026-07-13T22:16:51.243Z and has not been modified since then. The NVD entry is currently Received. There is limited evidence available to support the vulnerability description. Further verification is needed to confirm the affected scope and severity. The source corpus provides limited detail, and defenders should verify OpenClaw versions and WhatsApp group ID validation.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T22:16:51.243Z and has not been modified since then.