CVE-2026-62226
OpenClaw 2026.3.28 before 2026.5.19 contains an authorization bypass in the browser act route, due to failure to properly validate current-tab URL checks. This allows attackers with lower-trust access or configured input paths to perform actions that should be restricted by stronger authorization...