Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Fri, 17 Jul 2026 00:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's configuration and whether lower-trust input can reach the affected path. | |
| Title | OpenClaw < 2026.6.5 Authorization Header Forwarding via SSE | |
| First Time appeared |
Openclaw
Openclaw openclaw |
|
| Weaknesses | CWE-522 | |
| CPEs | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* | |
| Vendors & Products |
Openclaw
Openclaw openclaw |
|
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-17T00:06:52.026Z
Reserved: 2026-07-13T16:39:22.251Z
Link: CVE-2026-62208
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-17T02:00:09Z