6 matches found
CVE-2026-62211
OpenClaw versions before 2026.6.1 contain a credential redaction bypass vulnerability in the trajectory export feature that allows lower-trust callers to access data that should remain within trusted boundaries. Attackers can exploit misconfigured input paths or feature accessibility to expose...
CVE-2026-62207
OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability that allows lower-trust callers to reach admin-scoped tools. Attackers can perform actions requiring stronger authorization by exploiting insufficient policy checks on configured input paths...
CVE-2026-62207
The CVE-2026-62207 entry affects OpenClaw versions before 2026.6.5, where an authentication bypass exists due to insufficient policy checks on configured input paths. This vulnerability allows lower-trust callers to reach admin-scoped tools and perform actions that require higher authorization, a...
CVE-2026-62202
OpenClaw is affected: version 2026.6.1 prior to 2026.6.9 contains a privilege escalation in isolated cron jobs. The root cause involves misconfigured input paths in the cron feature, enabling lower-trust callers to regain denied execution tools and to execute or persist actions beyond their inten...
CVE-2026-62186
OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides that allows lower-trust callers to perform actions requiring stronger authorization checks. Attackers can exploit misconfigured input paths to bypass admin authorization...
PT-2026-57888
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.6.8 Description An authorization bypass exists in OpenAI-compatible HTTP model overrides. This issue allows callers with lower trust levels to perform actions that typically require stronger authorization checks...