{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/openclaw-2026.3.22-before-2026.6.6/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.3,"id":"CVE-2026-62196"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["OpenClaw (2026.3.22 before 2026.6.6)"],"_cs_severities":["high"],"_cs_tags":["authorization-bypass","privilege-escalation","web-application","cve"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eOpenClaw versions 2026.3.22 up to, but not including, 2026.6.6 are affected by an authorization bypass vulnerability, identified as CVE-2026-62196. This flaw stems from an improper validation mechanism where WhatsApp group IDs can be misused to satisfy elevated sender allowlists. Attackers who possess lower-trust access can exploit this vulnerability to circumvent the intended authorization checks, thereby gaining the ability to execute operations that typically demand higher levels of privilege within the OpenClaw system. This vulnerability allows for unauthorized access to sensitive functionalities and data manipulation. The CVSS v3.1 Base Score for this vulnerability is 8.3, classifying it as a high-severity issue that could lead to significant unauthorized control or data compromise.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker obtains initial, lower-trust access to an OpenClaw instance.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a feature within OpenClaw that performs authorization checks based on WhatsApp group ID validation.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious request or input that includes a WhatsApp group ID designed to satisfy the elevated sender allowlist criteria.\u003c/li\u003e\n\u003cli\u003eThis specially crafted request is sent to the vulnerable OpenClaw application, bypassing the intended authorization controls.\u003c/li\u003e\n\u003cli\u003eOpenClaw processes the request, mistakenly granting the attacker privileges or access beyond their assigned trust level.\u003c/li\u003e\n\u003cli\u003eThe attacker then performs unauthorized actions, such as accessing sensitive data, modifying configurations, or executing commands that would otherwise require higher authorization.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThe successful exploitation of CVE-2026-62196 can lead to significant unauthorized access and privilege escalation within affected OpenClaw deployments. Attackers can bypass critical security mechanisms, potentially gaining control over sensitive application features or data. This could result in unauthorized data disclosure, data manipulation, or disruption of service, depending on the specific functionalities accessible with elevated privileges. While no specific victim counts or targeted sectors are detailed, any organization utilizing vulnerable OpenClaw versions is at risk of severe compromise if exposed.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-62196 immediately by upgrading OpenClaw to version 2026.6.6 or later as recommended in the references.\u003c/li\u003e\n\u003cli\u003eReview access logs for unusual activity originating from lower-trust accounts or unexpected source IP addresses, focusing on any attempts to interact with features that process WhatsApp group IDs or require elevated privileges.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-13T22:28:18Z","date_published":"2026-07-13T22:28:18Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-auth-bypass/","summary":"An authorization bypass vulnerability, CVE-2026-62196, in OpenClaw versions 2026.3.22 before 2026.6.6 allows attackers with lower-trust access to perform actions requiring stronger authorization by leveraging WhatsApp group ID validation.","title":"OpenClaw Authorization Bypass via WhatsApp Group IDs (CVE-2026-62196)","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-auth-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - OpenClaw (2026.3.22 Before 2026.6.6)","version":"https://jsonfeed.org/version/1.1"}