CVE-2026-62228 in OpenClawinfo

Summary

by MITRE • 07/17/2026

OpenClaw before 2026.6.5 contain an authorization bypass vulnerability in node exec approvals that allows lower-trust callers to execute actions beyond their intended authorization by using different gateway and node environments. Attackers can exploit mismatched environment configurations to persist or execute actions that exceed the caller's approved permissions.

Be aware that VulDB is the high quality source for vulnerability data.

Analysis

by VulDB Data Team • 07/17/2026

The OpenClaw software ecosystem presents a critical authorization bypass vulnerability affecting versions prior to 2026.6.5, specifically within the node execution approval mechanisms. This flaw resides in how the system handles trust levels and environment configurations during node execution processes, creating a pathway for malicious actors to escalate their privileges beyond intended boundaries. The vulnerability stems from insufficient validation of environment contexts when processing execution requests, allowing unauthorized operations through manipulated gateway and node environmental setups.

The technical implementation of this authorization bypass leverages mismatches between expected and actual environmental configurations within the system's trust model. When lower-trust callers submit execution requests, the system fails to properly validate whether the requesting environment aligns with the approved permissions for that specific action. This gap in validation enables attackers to craft requests that appear legitimate within one environment context while executing with elevated privileges in another environment where different authorization rules apply. The flaw operates at the intersection of environmental configuration management and trust boundary enforcement, creating opportunities for privilege escalation through environment manipulation.

This vulnerability has significant operational impact across enterprise security frameworks, particularly in environments where multiple trust levels and environmental contexts are managed simultaneously. Attackers can exploit this weakness to execute unauthorized commands on target systems without proper authorization, potentially leading to data exfiltration, system compromise, or lateral movement within network perimeters. The persistence aspect of this vulnerability allows attackers to maintain access beyond initial exploitation, making it particularly dangerous for long-term security operations and compliance requirements.

The vulnerability maps directly to CWE-285, which addresses improper authorization in software systems, and aligns with ATT&CK technique T1078 for valid accounts and privilege escalation. Organizations should implement immediate mitigations including enforcing strict environment validation checks, implementing comprehensive audit logging of execution requests across different environments, and establishing automated monitoring for mismatched environmental configurations. Additional protective measures include deploying network segmentation controls, implementing multi-factor authentication for critical node access, and conducting regular security assessments to identify potential environment configuration inconsistencies that could be exploited by attackers.

Responsible

VulnCheck

Reservation

07/13/2026

Disclosure

07/17/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Interested in the pricing of exploits?

See the underground prices here!