PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-62220 OpenClaw CVE debrief

CVE-2026-62220 is a MEDIUM severity vulnerability in OpenClaw 2026.2.25 before 2026.5.26 that allows a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. This can consume gateway resources and reduce service availability when the affected feature is enabled and reachable by lower-trust input. The vulnerability class is related to WebSocket authentication rate limiting, and the likely operational impact is reduced service availability.

Vendor
OpenClaw
Product
Unknown
CVSS
MEDIUM 6.3
CISA KEV
Not listed in stored evidence
Original CVE published
2026-07-17
Original CVE updated
2026-07-17
Advisory published
2026-07-17
Advisory updated
2026-07-17

Who should care

Users of OpenClaw 2026.2.25 before 2026.5.26 should be aware of this vulnerability and take steps to mitigate it, especially if the affected feature is enabled and reachable by lower-trust input. Operators, platform administrators, vulnerability management teams, and security teams should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.

Technical summary

The vulnerability exists in OpenClaw 2026.2.25 before 2026.5.26, where a lower-trust caller or configured input path can bypass non-browser rate limits on WebSocket authentication attempts. This can lead to consumption of gateway resources and reduced service availability. The affected feature is enabled and reachable by lower-trust input, which can impact service availability. Users should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance, and take steps to mitigate this vulnerability, especially if the affected feature is enabled and reachable by lower-trust input.

Defensive priority

Medium priority should be given to patching or mitigating this vulnerability, especially if the affected feature is enabled and reachable by lower-trust input.

Recommended defensive actions

  • Apply the patch or upgrade to OpenClaw 2026.5.26 or later
  • Review and limit access to the affected feature
  • Monitor for suspicious WebSocket authentication attempts
  • Implement additional rate limiting measures
  • Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
  • Review compensating controls for exposed systems while remediation is scheduled and verified
  • Track exceptions, retest remediated assets, and close the item only after evidence is documented

Evidence notes

The CVE record was published on 2026-07-17T02:18:08.990Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The source item URL for CVE-2026-62220 is provided, but additional verification is needed to confirm affected scope and severity. Defenders should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:08.990Z and has not been modified since then. The NVD entry is currently in the 'Received' status.