Skip to main content

OpenClaw EUVDEUVD-2026-45103

| CVE-2026-62215 MEDIUM
Insufficient Verification of Data Authenticity (CWE-345)
2026-07-17 VulnCheck GHSA-2x3r-854j-qm5f
5.1
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
5.1 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
8.0 HIGH

Network vector with no privileges required; scope changed to capture high downstream C/I impact; UI:R and AC:H reflect the user interaction and complexity prerequisites from the 4.0 vector.

3.1 AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
4.0 AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
A
Scope
X

Lifecycle Timeline

2
Patch available
Jul 17, 2026 - 02:32 EUVD
Analysis Generated
Jul 17, 2026 - 01:05 vuln.today

DescriptionCVE.org

OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions. Attackers can perform actions requiring stronger authorization by submitting crafted requests through configured input paths, bypassing intended policy checks.

AnalysisAI

Authentication bypass in OpenClaw before 2026.6.5 enables lower-trust network callers to forge A2UI actions that require higher authorization by submitting crafted HTTP Canvas responses through configured input paths. The flaw (CWE-345: Insufficient Verification of Data Authenticity) allows an attacker to subvert OpenClaw's trust hierarchy and execute privileged actions on downstream systems (SC:H/SI:H per CVSS 4.0), without any direct impact on the OpenClaw instance itself. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify configured input path in target OpenClaw deployment
Delivery
Craft HTTP Canvas response with forged high-trust A2UI action metadata
Exploit
Engineer victim user interaction to trigger Canvas response processing
Execution
Submit crafted request through accessible input path
Persist
Bypass trust-level policy check (CWE-345)
Impact
Execute unauthorized privileged actions on subsequent downstream systems

Vulnerability AssessmentAI

Exploitation Exploitation requires the attacker to operate as or manipulate a lower-trust caller within OpenClaw's trust model and have the ability to submit HTTP Canvas responses through at least one configured input path in the target deployment. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 vector (AV:N/AC:H/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N) indicates network reachability with no required privileges, but the combination of high attack complexity (AC:H) and active user interaction (UI:A) significantly constrains opportunistic exploitation - an attacker must engineer specific conditions and likely involve a user action to trigger the trust bypass. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with access to a lower-trust caller role - or who can manipulate such a caller - crafts a malicious HTTP Canvas response payload and injects it through a configured input path in OpenClaw, embedding forged A2UI action metadata that falsely asserts a higher trust level. The high attack complexity and active user interaction requirement (AC:H/UI:A) suggest the attacker must engineer a specific trigger condition, such as inducing a legitimate user to interact with content that initiates the forged Canvas response flow. …
Remediation Upgrade to OpenClaw version 2026.6.5 or later, which is the first release addressing this authentication bypass; the 'before 2026.6.5' affected range in the CVE description identifies this as the remediated boundary. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-28446 CRITICAL POC
9.4 Mar 05

Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.

CVE-2026-33579 CRITICAL POC
9.4 Mar 31

Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b

CVE-2026-32042 HIGH POC
8.8 Mar 21

OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att

CVE-2026-32051 HIGH POC
8.8 Mar 21

An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.

CVE-2026-25253 HIGH POC
8.8 Feb 01

OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e

CVE-2026-32846 HIGH POC
8.7 Mar 26

Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in

CVE-2026-32064 HIGH POC
7.7 Mar 21

OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all

CVE-2026-32055 HIGH POC
7.6 Mar 21

OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director

CVE-2026-32056 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func

CVE-2026-32049 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste

CVE-2026-32048 HIGH POC
7.5 Mar 21

OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low

CVE-2026-25474 HIGH POC
7.5 Feb 19

OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec

Share

EUVD-2026-45103 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy