CVE-2026-62219

Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
17/07/2026
Last modified:
17/07/2026

Description

OpenClaw 2026.2.12 before 2026.5.26 contain an authorization bypass vulnerability in the hooks allowedAgentIds validation. A lower-trust caller or configured input path can bypass agent ID restrictions by submitting blank agent IDs, allowing actions that should require stronger authorization or policy checks.