4 matches found
CVE-2026-62209
OpenClaw 2026.5.10-beta.1 before 2026.6.5 contains an authorization bypass in the ClickClack agent-mode dispatch feature. When enabled and reachable, a lower-trust caller or configured input path could bypass the required policy checks (toolsAllow), allowing actions that should require stronger a...
CVE-2026-62193
OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...
CVE-2026-62193 OpenClaw 2026.6.5 < 2026.6.9 Authentication Bypass via Plugin Install
OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...
CVE-2026-62193 OpenClaw 2026.6.5 < 2026.6.9 Authentication Bypass via Plugin Install
OpenClaw versions 2026.6.5 before 2026.6.9 contain a vulnerability in the plugin install wrappers that could skip the install policy authorization check. When the affected feature is enabled and reachable, a lower-trust caller or a configured input path could execute or persist actions beyond the...