2 matches found
CVE-2026-62195 OpenClaw 2026.5.20 < 2026.6.6 Authorization Bypass via MCP loopback
OpenClaw versions 2026.5.20 before 2026.6.6 contain an authorization bypass vulnerability in the MCP loopback feature that allows lower-trust callers to execute owner-only tools. Attackers can bypass authorization checks through configured input paths to execute or persist actions beyond their...
PT-2026-57897
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.5.20 through 2026.6.5 Description An authorization bypass exists in the MCP loopback feature. This issue allows lower-trust callers to execute tools reserved for the owner by utilizing configured input paths, enabling th...