CVE-2026-62194

Source
https://cve.org/CVERecord?id=CVE-2026-62194
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-62194.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-62194
Aliases
  • GHSA-7vrr-rp4x-4g76
Downstream
Published
2026-07-13T21:30:16.154Z
Modified
2026-07-16T03:49:10.292521853Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N CVSS Calculator
Summary
OpenClaw 2026.5.20 < 2026.6.9 Privilege Escalation via Plugin Install
Details

OpenClaw versions 2026.5.20 before 2026.6.9 contain a privilege escalation vulnerability in plugin install commands that allows lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate privileges and perform unauthorized actions when the feature is reachable.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/62xxx/CVE-2026-62194.json",
    "cwe_ids": [
        "CWE-732",
        "CWE-862"
    ],
    "cna_assigner": "VulnCheck"
}
References

Affected packages

Git / github.com/openclaw/openclaw

Affected ranges

Type
GIT
Repo
https://github.com/openclaw/openclaw
Events
Database specific
{
    "cpe": "cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*",
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "2026.5.20"
        },
        {
            "fixed": "2026.6.9"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-62194.json"