PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62226 OpenClaw CVE debrief

OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks. This vulnerability has a CVSS score of 5.1 and is classified as MEDIUM severity. Users of OpenClaw 2026.3.28 before 2026.5.19 should be aware of this authorization bypass vulnerability and take steps to mitigate it.

Vendor
OpenClaw
Product
Unknown
CVSS
MEDIUM 5.1
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of OpenClaw 2026.3.28 before 2026.5.19 should be aware of this authorization bypass vulnerability and take steps to mitigate it. This includes verifying OpenClaw versions, checking for 2026.5.19 or later, and implementing compensating controls to restrict access to the browser act route. Security teams and operators should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

The OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route. The vulnerability fails to properly validate current-tab URL checks, allowing attackers with lower-trust access or configured input paths to perform actions requiring stronger authorization or policy checks. This vulnerability has a CVSS score of 5.1 and is classified as MEDIUM severity.

Defensive priority

Medium priority given the CVSS score of 5.1 and the potential for attackers to perform actions requiring stronger authorization.

Recommended defensive actions

  • Inventory and verify OpenClaw versions, checking for 2026.5.19 or later.
  • Implement compensating controls to restrict access to the browser act route.
  • Monitor for suspicious activity related to OpenClaw.
  • Apply vendor remediation when available.
  • Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
  • Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented.

Evidence notes

Evidence is limited, but the CVE record and NVD detail provide some information about the vulnerability. The OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks. Defenders should verify OpenClaw versions, check for 2026.5.19 or later, and implement compensating controls to restrict access to the browser act route.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:09.887Z and has not been modified since then.