Vulnerability  ·  2026-07-18

OpenClaw Agent-Mode Dispatch Authorization Bypass Ignores Tool Allowlist Policy (CVE-2026-62209)

VulnerabilityHigh impactGlobalCVE-2026-62209
OpenClaw versions 2026.5.10-beta.1 before 2026.6.5 contain an authorization bypass in the ClickClack agent-mode dispatch feature that could cause the toolsAllow policy check to be ignored. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could perform actions requiring stronger authorization than was enforced. NVD published 2026-07-16/17, CVSS 8.1 (High, CVSS v3.1).
This is a direct agent-tool-authorization bypass — the exact class of flaw that lets a lower-privileged or untrusted input path invoke tools an agent's policy was designed to restrict, a core agentic-AI security control. Bypassing toolsAllow policy in an agent-mode dispatcher can let an attacker-controlled input path trigger privileged tool actions (file access, command execution, etc.) that the operator explicitly tried to fence off.
Exploitation of the ClickClack agent-mode dispatch feature to bypass the toolsAllow policy check, allowing a lower-trust caller or configured input path to invoke restricted tools
OpenClaw 2026.5.10-beta.1 before 2026.6.5
Upgrade to OpenClaw 2026.6.5 or later; see GitHub security advisory GHSA-wp73-f3gg-w4vr
GitHub Security Advisory GHSA-wp73-f3gg-w4vrNVD CVE-2026-62209
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →