OpenClaw versions before 2026.6.5 contain an...
Moderate severity
Unreviewed
Published
Jul 17, 2026
to the GitHub Advisory Database
•
Updated Jul 17, 2026
Description
Published by the National Vulnerability Database
Jul 17, 2026
Published to the GitHub Advisory Database
Jul 17, 2026
Last updated
Jul 17, 2026
OpenClaw versions before 2026.6.5 contain an authentication bypass vulnerability in HTTP Canvas responses that allows lower-trust callers to forge trusted A2UI actions. Attackers can perform actions requiring stronger authorization by submitting crafted requests through configured input paths, bypassing intended policy checks.
References