GHSA-86p5-rr4v-4pj8
OpenClaw versions prior to 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust users to access administrative tools. This occurs due to insufficient policy checks on configured input paths, enabling unauthorized actions that normally require stronger authorization.
AI Analysis
Technical Summary
CVE-2026-62207 describes an authentication bypass vulnerability in OpenClaw before version 2026.6.5. The flaw arises from inadequate policy enforcement on input paths, permitting attackers with lower privileges to reach admin-scoped tools and perform actions requiring higher authorization levels. This vulnerability is categorized under CWE-862 (Missing Authorization). No patch or official fix information is currently available, and no known exploits have been reported in the wild.
Potential Impact
Exploitation of this vulnerability allows attackers with limited privileges to bypass authentication controls and access administrative functions. This could lead to unauthorized administrative actions, potentially compromising system integrity and security. The vulnerability is rated with high severity based on the potential impact on authorization controls.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to affected OpenClaw versions and monitor for unusual administrative activity. Avoid exposing vulnerable versions to untrusted users.
GHSA-86p5-rr4v-4pj8
Description
OpenClaw versions prior to 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust users to access administrative tools. This occurs due to insufficient policy checks on configured input paths, enabling unauthorized actions that normally require stronger authorization.
CVSS v4.0
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2026-62207 describes an authentication bypass vulnerability in OpenClaw before version 2026.6.5. The flaw arises from inadequate policy enforcement on input paths, permitting attackers with lower privileges to reach admin-scoped tools and perform actions requiring higher authorization levels. This vulnerability is categorized under CWE-862 (Missing Authorization). No patch or official fix information is currently available, and no known exploits have been reported in the wild.
Potential Impact
Exploitation of this vulnerability allows attackers with limited privileges to bypass authentication controls and access administrative functions. This could lead to unauthorized administrative actions, potentially compromising system integrity and security. The vulnerability is rated with high severity based on the potential impact on authorization controls.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, restrict access to affected OpenClaw versions and monitor for unusual administrative activity. Avoid exposing vulnerable versions to untrusted users.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-86p5-rr4v-4pj8
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-62207"]
- Ecosystems
- []
- Database Specific Severity
- HIGH
- Cvss Version
- 4.0
Threat ID: 6a5a009e91ae9bcd3f7eed71
Added to database: 07/17/2026, 10:14:54 UTC
Last enriched: 07/17/2026, 10:19:48 UTC
Last updated: 07/18/2026, 08:59:15 UTC
Views: 6
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.