PT-2026-60625 · Openclaw · Openclaw

·

CVE-2026-62215

·

Published

2026-07-17

·

Updated

2026-07-17

CVSS v3.1

8.0

High

VectorAV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions. Attackers can perform actions requiring stronger authorization by submitting crafted requests through configured input paths, bypassing intended policy checks.

Fix

Insufficient Verification of Data Authenticity

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-62215

Affected Products

Openclaw