CVE-2026-62186: OpenClaw versions before 2026.6.8 contain an authorization bypass vulnerability in OpenAI-compatible HTTP model override
Summary
OpenClaw versions before 2026.6.8 have an authorization bypass vulnerability in OpenAI-compatible HTTP model overrides (a feature that lets the system use different AI models through a standard interface). Attackers with lower trust levels can exploit misconfigured input paths to bypass admin authorization checks (security rules that verify whether a user should be allowed to do something) and run restricted operations.
Solution / Mitigation
Upgrade to OpenClaw version 2026.6.8 or later.
Vulnerability Details
7.6(high)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L
network
low
low
none
July 13, 2026
Classification
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-62186
First tracked: July 13, 2026 at 08:07 PM
Classified by LLM (prompt v3) · confidence: 75%