<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>OpenClaw (2026.3.22 Before 2026.6.6) - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/products/openclaw-2026.3.22-before-2026.6.6/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Mon, 13 Jul 2026 22:28:18 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/products/openclaw-2026.3.22-before-2026.6.6/feed.xml" rel="self" type="application/rss+xml"/><item><title>OpenClaw Authorization Bypass via WhatsApp Group IDs (CVE-2026-62196)</title><link>https://feed.craftedsignal.io/briefs/2026-07-openclaw-auth-bypass/</link><pubDate>Mon, 13 Jul 2026 22:28:18 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-openclaw-auth-bypass/</guid><description>An authorization bypass vulnerability, CVE-2026-62196, in OpenClaw versions 2026.3.22 before 2026.6.6 allows attackers with lower-trust access to perform actions requiring stronger authorization by leveraging WhatsApp group ID validation.</description><content:encoded><![CDATA[<p>OpenClaw versions 2026.3.22 up to, but not including, 2026.6.6 are affected by an authorization bypass vulnerability, identified as CVE-2026-62196. This flaw stems from an improper validation mechanism where WhatsApp group IDs can be misused to satisfy elevated sender allowlists. Attackers who possess lower-trust access can exploit this vulnerability to circumvent the intended authorization checks, thereby gaining the ability to execute operations that typically demand higher levels of privilege within the OpenClaw system. This vulnerability allows for unauthorized access to sensitive functionalities and data manipulation. The CVSS v3.1 Base Score for this vulnerability is 8.3, classifying it as a high-severity issue that could lead to significant unauthorized control or data compromise.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker obtains initial, lower-trust access to an OpenClaw instance.</li>
<li>The attacker identifies a feature within OpenClaw that performs authorization checks based on WhatsApp group ID validation.</li>
<li>The attacker crafts a malicious request or input that includes a WhatsApp group ID designed to satisfy the elevated sender allowlist criteria.</li>
<li>This specially crafted request is sent to the vulnerable OpenClaw application, bypassing the intended authorization controls.</li>
<li>OpenClaw processes the request, mistakenly granting the attacker privileges or access beyond their assigned trust level.</li>
<li>The attacker then performs unauthorized actions, such as accessing sensitive data, modifying configurations, or executing commands that would otherwise require higher authorization.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>The successful exploitation of CVE-2026-62196 can lead to significant unauthorized access and privilege escalation within affected OpenClaw deployments. Attackers can bypass critical security mechanisms, potentially gaining control over sensitive application features or data. This could result in unauthorized data disclosure, data manipulation, or disruption of service, depending on the specific functionalities accessible with elevated privileges. While no specific victim counts or targeted sectors are detailed, any organization utilizing vulnerable OpenClaw versions is at risk of severe compromise if exposed.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Patch CVE-2026-62196 immediately by upgrading OpenClaw to version 2026.6.6 or later as recommended in the references.</li>
<li>Review access logs for unusual activity originating from lower-trust accounts or unexpected source IP addresses, focusing on any attempts to interact with features that process WhatsApp group IDs or require elevated privileges.</li>
</ul>
]]></content:encoded><category domain="severity">high</category><category domain="type">advisory</category><category>authorization-bypass</category><category>privilege-escalation</category><category>web-application</category><category>cve</category></item></channel></rss>