CVE-2026-62197
Severity CVSS v4.0:
MEDIUM
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
13/07/2026
Last modified:
13/07/2026
Description
OpenClaw before 2026.6.6 contains a policy bypass vulnerability in browser CDP discovery that accepts blocked WebSocket URLs. Attackers with lower-trust access can reach network destinations that should have been blocked by OpenClaw policy when the affected feature is enabled.
Impact
Base Score 4.0
6.30
Severity 4.0
MEDIUM
Base Score 3.x
8.50
Severity 3.x
HIGH



