Ghostwire

CVE-2026-62189: OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows...

HIGH CVSS 0.0

Published: July 13, 2026 | Last Modified: July 13, 2026

Description

OpenClaw versions before 2026.6.9 contain a symlink following vulnerability in the mirror sync feature that allows lower-trust callers to perform actions requiring stronger authorization. Attackers can exploit remote symlink parents to bypass policy checks and authorization boundaries when the feature is enabled and reachable.

Ghostwire Analysis — What This Means Practically

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

Security Coverage (1 articles)

References