CVE-2026-62208
EUVD-2026-4509617.07.2026, 02:18
OpenClaw before 2026.6.5 could forward Authorization headers during MCP SSE redirects. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. Impact depends on the operator's configuration and whether lower-trust input can reach the affected path.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| openclaw | openclaw | 𝑥 < 2026.6.5 | CNA |
Common Weakness Enumeration
Vulnerability Media Exposure