PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62200 OpenClaw CVE debrief

A flaw in OpenClaw versions before 2026.6.1 could allow Git ext transport to be abused when the affected feature is enabled and reachable. This vulnerability has a high severity with a CVSS score of 8.7. Users of OpenClaw should assess the risk of the flaw in host exec environment filtering and prioritize updating to version 2026.6.1 or later. The CVE record and NVD entry provide further details.

Vendor
OpenClaw
Product
Unknown
CVSS
HIGH 8.7
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-13
Original CVE updated
2026-07-13
Advisory published
2026-07-13
Advisory updated
2026-07-13

Who should care

Users of OpenClaw versions before 2026.6.1 should assess the risk of the flaw in host exec environment filtering. Operators, platform administrators, vulnerability management teams, and security teams may be impacted by this vulnerability. Prioritization of updates and review of compensating controls is recommended.

Technical summary

OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. The CVSS score is 8.7, indicating a high severity. Users should review the official CVE record and NVD entry for further information.

Defensive priority

High priority should be given to updating OpenClaw to version 2026.6.1 or later and reviewing compensating controls for exposed systems.

Recommended defensive actions

  • Update OpenClaw to version 2026.6.1 or later
  • Assess the risk of the flaw in host exec environment filtering
  • Monitor for potential abuse of Git ext transport
  • Review compensating controls for exposed systems
  • Check relevant monitoring, detection, and logs for exposed assets
  • Track exceptions and retest remediated assets
  • Confirm whether affected product deployments exist in managed environments

Evidence notes

The CVE record was published on 2026-07-13T22:16:51.813Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The OpenClaw project versions before 2026.6.1 are reportedly affected by this flaw. Evidence is limited to CVE and NVD data.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T22:16:51.813Z and has not been modified since then.