CVE-2026-62221 in OpenClawinfo

Summary

by MITRE • 07/17/2026

OpenClaw 2026.5.12 before 2026.5.26 contain an incorrect authorization vulnerability in the ClickClack allowFrom feature. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization, including running non-allowlisted commands.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/17/2026

The OpenClaw software version 2026.5.12 through 2026.5.25 contains a critical authorization flaw that stems from improper access control implementation within its ClickClack allowFrom feature. This vulnerability represents a direct violation of the principle of least privilege and demonstrates a classic failure in authorization enforcement mechanisms that can lead to privilege escalation and unauthorized system access.

The technical flaw manifests through an incorrect implementation of the allowFrom functionality which is designed to restrict access based on source IP addresses or other caller identifiers. When this feature is enabled and accessible, it fails to properly validate whether incoming requests originate from authorized sources or contain legitimate credentials. The vulnerability allows malicious actors with lower trust levels or those who can manipulate input parameters to bypass intended authorization boundaries.

This authorization bypass enables attackers to execute commands that should normally be restricted to higher privilege users or specific trusted entities. The flaw specifically permits execution of non-allowlisted commands, which means that unauthorized processes can be initiated through the vulnerable interface without proper authentication or authorization checks. This capability creates a persistent threat vector that can be exploited for ongoing system compromise.

The operational impact of this vulnerability extends beyond simple command execution to include potential persistence mechanisms within the affected system. Attackers could establish backdoors or maintain long-term access through the compromised ClickClack allowFrom feature, making this an especially dangerous vulnerability in production environments where continuous monitoring and access control are critical.

This vulnerability maps directly to CWE-285 which addresses improper authorization issues in software systems. The flaw also aligns with ATT&CK technique T1078 which covers valid accounts and legitimate credentials for unauthorized access. Organizations should implement immediate mitigation strategies including disabling the vulnerable ClickClack allowFrom feature until a patched version is deployed.

The remediation approach requires updating to OpenClaw version 2026.5.26 or later where the authorization checks have been properly implemented. Additionally, network segmentation and firewall rules should be configured to restrict access to the affected feature at the network level while implementing proper input validation and source verification mechanisms that align with industry best practices for secure application development and deployment.

Responsible

VulnCheck

Reservation

07/13/2026

Disclosure

07/17/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!