PatchSiren cyber security CVE debrief
CVE-2026-62217 OpenClaw CVE debrief
A high-severity authorization flaw was found in OpenClaw 2026.5.14-beta.1. The QQBot exec approvals feature, when enabled and reachable, allows lower-trust callers or configured input paths to execute or persist actions beyond their intended authorization. This could enable non-allowlisted senders to perform unauthorized operations. The vulnerability has a CVSS score of 7.7 and is classified as HIGH severity. Users and administrators should assess the exposure of the QQBot exec approvals feature in their OpenClaw deployments and verify the current version to check for any available patches or updates.
- Vendor
- OpenClaw
- Product
- Unknown
- CVSS
- HIGH 7.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of OpenClaw 2026.5.14-beta.1 should be aware of this vulnerability, especially if the QQBot exec approvals feature is enabled and exposed. They should assess if the feature is enabled and exposed in their deployment, verify the current version, and check for any available patches or updates. Additionally, they should implement compensating controls to limit access to the feature until a patch is applied and monitor for any suspicious activities related to the QQBot exec approvals feature. Affected operators, platforms, vulnerability management, and security teams should review and update authorization settings to ensure that only authorized users can perform actions.
Technical summary
The OpenClaw 2026.5.14-beta.1 version contains an authorization flaw in the QQBot exec approvals feature. This feature, when enabled and accessible, permits lower-trust callers or configured input paths to execute or persist actions beyond the caller's intended authorization. Consequently, non-allowlisted senders may perform unauthorized operations. The vulnerability has a CVSS score of 7.7 and is classified as HIGH severity.
Defensive priority
Given the high severity and potential impact, immediate attention is recommended to assess the vulnerability's relevance and apply necessary mitigations or patches.
Recommended defensive actions
- Assess if the QQBot exec approvals feature is enabled and exposed in your OpenClaw 2026.5.14-beta.1 deployment.
- Verify the current version and check for any available patches or updates.
- Implement compensating controls to limit access to the feature until a patch is applied.
- Monitor for any suspicious activities related to the QQBot exec approvals feature.
- Review and update authorization settings to ensure that only authorized users can perform actions.
Evidence notes
The CVE record was published on 2026-07-17T02:18:08.553Z and has not been modified since then. The NVD entry is currently in the 'Received' status. Limited details are available about the specific conditions and vectors of exploitation.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:08.553Z and has not been modified since then. The NVD entry is currently Received.