CVE-2026-62223 in OpenClawinfo

Summary

by MITRE • 07/17/2026

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in the device-pair approval feature that allows lower-trust callers to execute actions beyond their intended authorization. Attackers can exploit misconfigured input paths to execute or persist unauthorized actions when the affected feature is enabled and reachable.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 07/17/2026

The OpenClaw software version prior to 2026.5.18 contains a critical authorization bypass vulnerability within its device-pair approval functionality that fundamentally undermines the security posture of the system. This flaw resides in the authentication and access control mechanisms that govern how devices interact and approve connections within the platform ecosystem. The vulnerability specifically targets the trust model implementation where lower privilege or untrusted callers can manipulate the approval process to gain elevated privileges or execute operations they should not be authorized to perform. The technical nature of this flaw allows attackers to exploit misconfigured input validation paths that should normally enforce strict authorization checks before permitting device pairing actions. When the device-pair approval feature is enabled and accessible, malicious actors can leverage this weakness to bypass intended security controls and gain unauthorized access to system resources or functions.

The operational impact of this vulnerability extends beyond simple privilege escalation as it enables persistent unauthorized access patterns that can compromise the entire device management infrastructure. Attackers who successfully exploit this authorization bypass can maintain long-term access to connected devices, potentially allowing them to monitor communications, modify device configurations, or even use compromised devices as entry points for broader network infiltration. The vulnerability's reach is amplified when considering that device pairing represents a critical trust boundary within IoT and industrial control systems where proper authorization is essential for maintaining system integrity. This flaw can be particularly dangerous in environments where OpenClaw is used for critical infrastructure management or security monitoring, as it could allow attackers to establish backdoors or maintain unauthorized access to sensitive operational systems.

Security controls that should normally prevent such unauthorized actions are bypassed through manipulation of input parameters that control the device approval workflow. The vulnerability likely stems from insufficient validation of caller credentials or trust levels during the pairing process, allowing low-trust entities to impersonate higher privilege users or circumvent access controls entirely. This authorization bypass represents a direct violation of the principle of least privilege and could be classified under CWE-285 which addresses improper authorization in software systems. From an attack framework perspective, this vulnerability aligns with techniques described in the MITRE ATT&CK framework under the Privilege Escalation and Persistence domains, where adversaries establish unauthorized access that can be maintained over time. Organizations using OpenClaw should implement immediate mitigations including disabling the affected feature until a patched version is deployed, implementing additional network segmentation controls, and conducting comprehensive security assessments of all device pairing workflows to identify potential exploitation vectors.

The root cause of this authorization bypass vulnerability demonstrates a fundamental flaw in how trust relationships are validated within the device pairing approval process. The system fails to adequately verify the authenticity and authorization level of entities attempting to approve device connections, creating an exploitable gap where lower privilege users can manipulate system state to gain elevated access rights. This weakness highlights the importance of robust input validation and proper access control implementation in security-critical components. Organizations should consider applying the principle of defense in depth by implementing additional verification mechanisms beyond the native authorization controls, including multi-factor authentication for device pairing operations, enhanced logging and monitoring of approval activities, and regular security audits of trust model implementations. The vulnerability serves as a reminder that even seemingly simple features like device pairing can become critical attack vectors when proper authorization controls are not properly enforced, making it essential for system administrators to maintain updated security configurations and promptly address known vulnerabilities through official patches or workarounds.

Responsible

VulnCheck

Reservation

07/13/2026

Disclosure

07/17/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!