CVE-2026-62229 in OpenClawinfo

Summary

by MITRE • 07/17/2026

OpenClaw before 2026.5.18 contain an authorization bypass vulnerability in exec allowlist glob matching that allows lower-trust callers to execute actions beyond intended authorization. Attackers can craft input paths that traverse the allowlist glob patterns to execute or persist unauthorized actions when the affected feature is enabled.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 07/17/2026

The OpenClaw software system presents a critical authorization bypass vulnerability affecting versions prior to 2026.5.18, specifically within its exec allowlist glob matching functionality. This flaw represents a fundamental breakdown in access control mechanisms that operates at the intersection of path traversal and privilege escalation vectors. The vulnerability stems from insufficient validation of input paths during glob pattern matching operations, creating a pathway for malicious actors to circumvent intended security boundaries. Such authorization bypass issues fall under CWE-285 which addresses improper authorization scenarios, while also aligning with ATT&CK technique T1068 for exploit for privilege escalation.

The technical implementation flaw manifests when the system processes user-supplied paths through glob pattern matching algorithms that fail to properly sanitize or validate the traversal components of these patterns. When an attacker crafts a malicious input path, they can leverage the glob matching logic to traverse beyond the intended allowlist boundaries and execute unauthorized operations. This occurs because the system does not adequately distinguish between legitimate path components and potentially malicious traversal sequences such as double dots or directory references that could bypass the intended access controls.

The operational impact of this vulnerability extends beyond simple unauthorized execution, as it enables persistent unauthorized actions within the system. Attackers who successfully exploit this flaw can establish long-term presence in the environment by executing commands or deploying payloads that remain undetected by normal monitoring systems. The affected feature's enablement status creates a direct correlation between system exposure and attack surface, meaning that organizations with this functionality active face immediate risk. This vulnerability essentially transforms a controlled execution environment into an open attack vector.

Organizations should implement immediate mitigations including upgrading to OpenClaw version 2026.5.18 or later where the vulnerability has been patched. Additional defensive measures include implementing strict input validation for all glob pattern matching operations, employing path normalization techniques before processing, and establishing comprehensive monitoring for unusual execution patterns that could indicate exploitation attempts. The fix addresses the root cause by strengthening the glob pattern matching logic to properly validate path components against intended authorization boundaries while maintaining legitimate functionality. Security teams should also consider implementing principle of least privilege controls and regular access reviews to minimize potential impact if exploitation occurs.

Responsible

VulnCheck

Reservation

07/13/2026

Disclosure

07/17/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

low

Sources

Do you know our Splunk app?

Download it now for free!