CVE-2026-62189
HIGH
NVD
CVSS Score
7.1
Severity
HIGH
Published
Jul 13, 2026
Vendor
unknown
Description
OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the feature is enabled and reachable.