CVE-2026-62195 in OpenClawinfo

Summary

by MITRE • 07/14/2026

OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their intended permissions.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/14/2026

The OpenClaw software suite version 2026.5.20 and earlier contains a critical authorization bypass vulnerability within its MCP loopback feature that fundamentally compromises the system's trust model. This vulnerability stems from inadequate validation of caller credentials during the loopback process, allowing entities with lower privilege levels to escalate their capabilities and execute commands or tools that should be restricted to owner-level users only. The flaw specifically manifests in how the system handles input paths configured for loopback operations, creating a pathway where malicious actors can manipulate the authorization flow without proper verification.

The technical implementation of this vulnerability resides in the MCP loopback mechanism's insufficient credential validation procedures. When legitimate callers attempt to utilize loopback features, the system fails to properly authenticate or authorize these requests against the configured input paths, enabling unauthorized users to bypass standard permission checks. This authorization bypass operates through the manipulation of input parameters that are processed by the loopback feature, allowing attackers to inject commands or access restricted functionality. The vulnerability directly maps to CWE-285 which addresses improper authorization in software systems, and aligns with ATT&CK technique T1078 for valid accounts and privilege escalation.

The operational impact of this vulnerability extends beyond simple unauthorized command execution, as it provides persistent access capabilities that can be leveraged for extended compromise. Attackers who successfully exploit this flaw can maintain their elevated privileges through the loopback mechanism, potentially establishing long-term presence within the system while remaining undetected by standard monitoring procedures. The affected environment becomes vulnerable to privilege escalation attacks where attackers can execute owner-only tools and commands that should normally be restricted to administrators or system owners. This creates a significant risk for unauthorized data access, system manipulation, and potential lateral movement within networked environments.

Mitigation strategies for this vulnerability require immediate patching of the OpenClaw software to version 2026.6.6 or later, which contains the necessary authorization checks and credential validation improvements. Organizations should implement additional monitoring around MCP loopback feature usage and establish strict audit trails for any elevated privilege operations. Network segmentation and principle of least privilege enforcement can help limit the potential impact if exploitation occurs. Security teams should also conduct comprehensive vulnerability assessments to identify any other systems using affected OpenClaw versions and ensure proper authorization controls are in place throughout the enterprise infrastructure. The fix addresses the core issue by implementing robust credential validation mechanisms that properly authenticate callers against their intended permissions before allowing access to restricted tools or commands through the loopback interface.

Responsible

VulnCheck

Reservation

07/13/2026

Disclosure

07/14/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

medium

Sources

Interested in the pricing of exploits?

See the underground prices here!