{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/openclaw-versions-2026.5.20-before-2026.6.9/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-62194"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["OpenClaw versions 2026.5.20 before 2026.6.9"],"_cs_severities":["high"],"_cs_tags":["privilege-escalation","vulnerability","openclaw"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eA high-severity privilege escalation vulnerability, tracked as CVE-2026-62194, affects OpenClaw versions 2026.5.20 before 2026.6.9. This flaw exists within the plugin install commands functionality, enabling lower-trust callers to execute or persist actions beyond their intended authorization. Attackers can exploit misconfigured input paths or enabled features to escalate privileges and perform unauthorized actions when the vulnerable feature is reachable. This allows an authenticated, low-privileged attacker to gain higher access rights within the OpenClaw application. Defenders should prioritize patching and closely monitor for any unusual plugin installation activities or actions originating from accounts with limited privileges within their OpenClaw deployments.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn authenticated, low-privileged attacker gains access to the OpenClaw application.\u003c/li\u003e\n\u003cli\u003eThe attacker identifies a misconfigured input path or enabled feature within the application's plugin install commands that can be leveraged for privilege escalation.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a malicious plugin installation command designed to exploit the CVE-2026-62194 vulnerability.\u003c/li\u003e\n\u003cli\u003eThe attacker executes the specially crafted plugin installation command as a low-privileged user.\u003c/li\u003e\n\u003cli\u003eDue to the vulnerability in OpenClaw, the plugin install command is processed and executed with elevated privileges, bypassing authorization checks.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully escalates privileges within the OpenClaw application, gaining control typically reserved for higher-trust users.\u003c/li\u003e\n\u003cli\u003eUsing the escalated privileges, the attacker performs unauthorized actions, which may include executing arbitrary code, modifying critical configurations, or establishing persistence.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-62194 grants a low-privileged attacker the ability to escalate privileges within OpenClaw, potentially leading to full control over the application. This can result in unauthorized data access, modification, or deletion, system compromise, or the execution of arbitrary code within the application's environment. The vulnerability impacts organizations utilizing affected versions of OpenClaw, with the severity of impact depending on the role and criticality of the OpenClaw instance within the targeted environment.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade all OpenClaw installations to version 2026.6.9 or newer immediately to mitigate CVE-2026-62194.\u003c/li\u003e\n\u003cli\u003eReview the configuration of plugin install commands and related input paths in OpenClaw to ensure they are not misconfigured, as referenced in the NVD advisory for CVE-2026-62194.\u003c/li\u003e\n\u003cli\u003eImplement robust monitoring for unusual plugin installation activities or any actions originating from lower-privileged accounts that suggest privilege escalation within OpenClaw environments.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-13T22:26:55Z","date_published":"2026-07-13T22:26:55Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-privilege-escalation/","summary":"CVE-2026-62194 is a high-severity privilege escalation vulnerability in OpenClaw versions prior to 2026.6.9, allowing lower-trust callers to execute or persist actions with elevated privileges through exploited plugin install commands.","title":"OpenClaw Privilege Escalation Vulnerability (CVE-2026-62194)","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-privilege-escalation/"}],"language":"en","title":"CraftedSignal Threat Feed - OpenClaw Versions 2026.5.20 Before 2026.6.9","version":"https://jsonfeed.org/version/1.1"}