CVE-2026-62222

Summary

OpenClaw before 2026.5.22 contain a vulnerability in setup-mode discovery that allows loading of untrusted workspace plugins. Attackers with lower-trust caller access or control over configured input paths can execute or persist actions beyond their intended authorization level.

Affected Software

VendorProductVersion RangeStatus
OpenClawOpenClaw0 < 2026.5.22affected
OpenClawOpenClaw2026.5.22unaffected

Weaknesses

  • CWE-829: Inclusion of Functionality from Untrusted Control Sphere

References