Authorization Bypass in OpenClaw by OpenClaw
CVE-2026-62192

7.2HIGH

Key Information:

Vendor

Openclaw

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-62192?

OpenClaw versions 2026.6.6 and earlier are susceptible to an authorization bypass vulnerability that affects Discord guild actions. This flaw enables users with lower-trust permissions to perform actions that typically require elevated permissions, exploiting misconfigured input paths. By circumventing cross-provider requester authorization checks, attackers can execute restricted operations, potentially compromising the integrity and security of affected systems.

Affected Version(s)

OpenClaw 2026.6.6 < 2026.6.9

OpenClaw 2026.6.9

References

CVSS V4

Score:
7.2
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rex Liu (@rexpository)
.