PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62228 OpenClaw CVE debrief

A vulnerability was found in OpenClaw before version 2026.6.5. The issue is an authorization bypass in node exec approvals, which allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. This vulnerability has a high impact on OpenClaw deployments, as it can allow attackers to persist or execute actions that exceed the caller's approved permissions. Users of OpenClaw should review their environments and take steps to mitigate this vulnerability.

Vendor
OpenClaw
Product
Unknown
CVSS
HIGH 7.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of OpenClaw before version 2026.6.5 should be aware of this vulnerability and take steps to mitigate it. This includes reviewing and restricting node exec approvals to ensure proper authorization, monitoring for suspicious activity in OpenClaw environments, and updating OpenClaw to version 2026.6.5 or later. Security teams and vulnerability management teams should prioritize this vulnerability due to its high severity and potential impact on OpenClaw deployments.

Technical summary

The vulnerability is caused by an authorization bypass in node exec approvals. This allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. The issue affects OpenClaw before version 2026.6.5 and has a CVSS score of 7.7. The vulnerability can be exploited by attackers to execute actions that exceed the caller's approved permissions.

Defensive priority

High

Recommended defensive actions

  • Update OpenClaw to version 2026.6.5 or later
  • Review and restrict node exec approvals to ensure proper authorization
  • Monitor for suspicious activity in OpenClaw environments
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Check relevant monitoring, detection, and logs for exposed assets that need extra review
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up

Evidence notes

The CVE record was published on 2026-07-17T02:18:10.153Z and has not been modified since then. The NVD entry is currently Received. There is limited evidence available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The authorization bypass in node exec approvals allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. This issue affects OpenClaw before version 2026.6.5.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:10.153Z and has not been modified since then.