PT-2026-57897 · Openclaw · Openclaw

Edward-X

·

Published

2026-07-13

·

Updated

2026-07-14

·

CVE-2026-62195

CVSS v3.1

8.3

High

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.5.20 through 2026.6.5
Description An authorization bypass exists in the MCP loopback feature. This issue allows lower-trust callers to execute tools reserved for the owner by utilizing configured input paths, enabling the execution or persistence of actions that exceed the caller's intended permissions.
Recommendations Update OpenClaw to version 2026.6.6 or later.

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-62195

Affected Products

Openclaw