CVE-2026-62191

Source
https://cve.org/CVERecord?id=CVE-2026-62191
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-62191.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-62191
Aliases
  • GHSA-v7hx-r36p-f68m
Downstream
Published
2026-07-13T21:30:14.078Z
Modified
2026-07-16T03:49:10.298965648Z
Severity
  • 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenClaw 2026.6.6 < 2026.6.9 Authorization Bypass via Message Mutations
Details

OpenClaw versions 2026.6.6 before 2026.6.9 contain an authorization bypass vulnerability in message mutation handling that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to skip requester authorization and execute privileged operations when the affected feature is enabled and reachable.

Database specific
{
    "cwe_ids": [
        "CWE-862",
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/62xxx/CVE-2026-62191.json",
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/openclaw/openclaw

Affected ranges

Type
GIT
Repo
https://github.com/openclaw/openclaw
Events
Database specific
{
    "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
    "extracted_events": [
        {
            "introduced": "2026.6.6"
        },
        {
            "fixed": "2026.6.9"
        }
    ],
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-62191.json"