PT-2026-57891 · Openclaw · Openclaw

Rex Liu

·

Publicado

2026-07-13

·

Atualizado

2026-07-13

·

CVE-2026-62189

CVSS v3.1

7.1

Alta

VetorAV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the feature is enabled and reachable.

Correção

Time Of Check To Time Of Use

Link Following

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-62189

Produtos afetados

Openclaw