PT-2026-57897 · Openclaw · Openclaw
Edward-X
·
Published
2026-07-13
·
Updated
2026-07-14
·
CVE-2026-62195
CVSS v3.1
8.3
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions 2026.5.20 through 2026.6.5
Description
An authorization bypass exists in the MCP loopback feature. This issue allows lower-trust callers to execute tools reserved for the owner by utilizing configured input paths, enabling the execution or persistence of actions that exceed the caller's intended permissions.
Recommendations
Update OpenClaw to version 2026.6.6 or later.
Fix
Incorrect Permission
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw