Authentication Bypass in OpenClaw Plugin by OpenClaw
CVE-2026-62193

6.9MEDIUM

Key Information:

Vendor

Openclaw

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-62193?

OpenClaw versions prior to 2026.6.9 are susceptible to an authentication bypass flaw within the plugin installation wrappers. This vulnerability allows lower-trust callers or misconfigured input paths to execute or carry out actions that exceed their intended authorization, potentially leading to unauthorized access or persistent actions. The exploitability of this issue varies depending on the operator's specific configuration. The vulnerability is resolved in version 2026.6.9.

Affected Version(s)

OpenClaw 2026.6.5 < 2026.6.9

OpenClaw 2026.6.9

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rex Liu (@rexpository)
.