Vulnerability  ·  2026-07-19

OpenClaw ClickClack Agent-Mode Dispatch Authorization Bypass Ignores toolsAllow Policy

VulnerabilityHigh impactGlobalCVE-2026-62209
A GitHub Security Advisory (CVSS 8.1) disclosed an authorization bypass in OpenClaw's ClickClack agent-mode dispatch path that could allow the toolsAllow allowlist policy to be ignored, letting less-trusted input paths invoke tools beyond their intended scope.
OpenClaw is a chat-driven agent gateway; a toolsAllow bypass means an attacker able to reach the agent via a lower-trust channel (e.g., a group chat or webhook) can invoke privileged tool actions that operators explicitly intended to restrict, defeating the primary access-control mechanism for agent tool use.
The ClickClack agent-mode dispatch feature can ignore the toolsAllow policy check meant to gate which tools an agent is permitted to invoke. When the feature is enabled and reachable, a lower-trust caller or a configured input path (e.g., an inbound chat message) can trigger tool actions that should have required a stronger authorization check.
OpenClaw versions 2026.5.10-beta.1 before 2026.6.5
Upgrade to OpenClaw 2026.6.5 or later; review GHSA-wp73-f3gg-w4vr for configuration guidance.
GitHub Security Advisory GHSA-wp73-f3gg-w4vrTenable CVE-2026-62209
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →