CVE-2026-62220
EUVD-2026-4510817.07.2026, 02:18
OpenClaw 2026.2.25 before 2026.5.26 allow a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. When the affected feature is enabled and reachable by lower-trust input, this can consume gateway resources and reduce service availability.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| openclaw | openclaw | 2026.2.25 ≤ 𝑥 < 2026.5.26 | CNA |
Vulnerability Media Exposure