PatchSiren cyber security CVE debrief
CVE-2026-62200 OpenClaw CVE debrief
A flaw in OpenClaw versions before 2026.6.1 could allow Git ext transport to be abused when the affected feature is enabled and reachable. This vulnerability has a high severity with a CVSS score of 8.7. Users of OpenClaw should assess the risk of the flaw in host exec environment filtering and prioritize updating to version 2026.6.1 or later. The CVE record and NVD entry provide further details.
- Vendor
- OpenClaw
- Product
- Unknown
- CVSS
- HIGH 8.7
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-13
- Original CVE updated
- 2026-07-13
- Advisory published
- 2026-07-13
- Advisory updated
- 2026-07-13
Who should care
Users of OpenClaw versions before 2026.6.1 should assess the risk of the flaw in host exec environment filtering. Operators, platform administrators, vulnerability management teams, and security teams may be impacted by this vulnerability. Prioritization of updates and review of compensating controls is recommended.
Technical summary
OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization. The CVSS score is 8.7, indicating a high severity. Users should review the official CVE record and NVD entry for further information.
Defensive priority
High priority should be given to updating OpenClaw to version 2026.6.1 or later and reviewing compensating controls for exposed systems.
Recommended defensive actions
- Update OpenClaw to version 2026.6.1 or later
- Assess the risk of the flaw in host exec environment filtering
- Monitor for potential abuse of Git ext transport
- Review compensating controls for exposed systems
- Check relevant monitoring, detection, and logs for exposed assets
- Track exceptions and retest remediated assets
- Confirm whether affected product deployments exist in managed environments
Evidence notes
The CVE record was published on 2026-07-13T22:16:51.813Z and has not been modified since then. The NVD entry is currently Received. There is limited information available about the vulnerability, and defenders should verify the affected scope and severity with the vendor. The OpenClaw project versions before 2026.6.1 are reportedly affected by this flaw. Evidence is limited to CVE and NVD data.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-13T22:16:51.813Z and has not been modified since then.