CVE-2026-62189

Severity CVSS v4.0:
HIGH
Type:
CWE-59 Link Following
Publication date:
13/07/2026
Last modified:
13/07/2026

Description

OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the feature is enabled and reachable.