PatchSiren cyber security CVE debrief
CVE-2026-62220 OpenClaw CVE debrief
CVE-2026-62220 is a MEDIUM severity vulnerability in OpenClaw 2026.2.25 before 2026.5.26 that allows a lower-trust caller or configured input path to bypass non-browser rate limits on WebSocket authentication attempts. This can consume gateway resources and reduce service availability when the affected feature is enabled and reachable by lower-trust input. The vulnerability class is related to WebSocket authentication rate limiting, and the likely operational impact is reduced service availability.
- Vendor
- OpenClaw
- Product
- Unknown
- CVSS
- MEDIUM 6.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-07-17
- Original CVE updated
- 2026-07-17
- Advisory published
- 2026-07-17
- Advisory updated
- 2026-07-17
Who should care
Users of OpenClaw 2026.2.25 before 2026.5.26 should be aware of this vulnerability and take steps to mitigate it, especially if the affected feature is enabled and reachable by lower-trust input. Operators, platform administrators, vulnerability management teams, and security teams should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.
Technical summary
The vulnerability exists in OpenClaw 2026.2.25 before 2026.5.26, where a lower-trust caller or configured input path can bypass non-browser rate limits on WebSocket authentication attempts. This can lead to consumption of gateway resources and reduced service availability. The affected feature is enabled and reachable by lower-trust input, which can impact service availability. Users should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance, and take steps to mitigate this vulnerability, especially if the affected feature is enabled and reachable by lower-trust input.
Defensive priority
Medium priority should be given to patching or mitigating this vulnerability, especially if the affected feature is enabled and reachable by lower-trust input.
Recommended defensive actions
- Apply the patch or upgrade to OpenClaw 2026.5.26 or later
- Review and limit access to the affected feature
- Monitor for suspicious WebSocket authentication attempts
- Implement additional rate limiting measures
- Confirm whether affected product deployments exist in managed environments and assign an owner for follow-up
- Review compensating controls for exposed systems while remediation is scheduled and verified
- Track exceptions, retest remediated assets, and close the item only after evidence is documented
Evidence notes
The CVE record was published on 2026-07-17T02:18:08.990Z and has not been modified since then. The NVD entry is currently in the 'Received' status. The source item URL for CVE-2026-62220 is provided, but additional verification is needed to confirm affected scope and severity. Defenders should review the official advisory and CVE record to validate affected scope, severity, and vendor guidance.
Official resources
AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-07-17T02:18:08.990Z and has not been modified since then. The NVD entry is currently in the 'Received' status.