PatchSiren cyber security CVE debrief
CVE-2026-62226 OpenClaw CVE debrief
OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks. This vulnerability has a CVSS score of 5.1 and is classified as MEDIUM severity. Users of OpenClaw 2026.3.28 before 2026.5.19 should be aware of this authorization bypass vulnerability and take steps to mitigate it.
- Vendor
- OpenClaw
- Product
- Unknown
- CVSS
- MEDIUM 5.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of OpenClaw 2026.3.28 before 2026.5.19 should be aware of this authorization bypass vulnerability and take steps to mitigate it. This includes verifying OpenClaw versions, checking for 2026.5.19 or later, and implementing compensating controls to restrict access to the browser act route. Security teams and operators should review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route. The vulnerability fails to properly validate current-tab URL checks, allowing attackers with lower-trust access or configured input paths to perform actions requiring stronger authorization or policy checks. This vulnerability has a CVSS score of 5.1 and is classified as MEDIUM severity.
Defensive priority
Medium priority given the CVSS score of 5.1 and the potential for attackers to perform actions requiring stronger authorization.
Recommended defensive actions
- Inventory and verify OpenClaw versions, checking for 2026.5.19 or later.
- Implement compensating controls to restrict access to the browser act route.
- Monitor for suspicious activity related to OpenClaw.
- Apply vendor remediation when available.
- Review the supplied official advisory or CVE record to validate affected scope, severity, and vendor guidance.
- Plan vendor-supported updates or mitigations through normal change control where exposure is confirmed.
- Track exceptions, retest remediated assets, and close the item only after evidence is documented.
Evidence notes
Evidence is limited, but the CVE record and NVD detail provide some information about the vulnerability. The OpenClaw 2026.3.28 before 2026.5.19 contain an authorization bypass vulnerability in the browser act route that fails to properly validate current-tab URL checks. Attackers with lower-trust access or configured input paths can perform actions requiring stronger authorization or policy checks. Defenders should verify OpenClaw versions, check for 2026.5.19 or later, and implement compensating controls to restrict access to the browser act route.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:09.887Z and has not been modified since then.