Policy Bypass Vulnerability in OpenClaw by OpenClaw
CVE-2026-62197

6.3MEDIUM

Key Information:

Vendor

Openclaw

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-62197?

OpenClaw versions prior to 2026.6.6 are susceptible to a policy bypass vulnerability found in browser CDP discovery. This flaw permits lower-trust users to access network destinations that should have been restricted by OpenClaw's policy. Specifically, when the affected feature is enabled, attackers can exploit this weakness to send and receive data via WebSocket URLs that should be blocked. This exposure could lead to unauthorized data access and potential compromise of the network security.

Affected Version(s)

OpenClaw 0 < 2026.6.6

OpenClaw 2026.6.6

References

CVSS V4

Score:
6.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Jason O'Neal (@jason-allen-oneal)
.