CVE-2026-62200 in OpenClaw
Summary
by MITRE • 07/14/2026
OpenClaw versions before 2026.6.1 contain a flaw in host exec environment filtering that could allow Git ext transport to be abused. When the affected feature is enabled and reachable, a lower-trust caller or configured input path could execute or persist actions beyond the caller's intended authorization.
Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.
Analysis
by VulDB Data Team • 07/14/2026
The vulnerability identified in OpenClaw versions prior to 2026.6.1 represents a critical security flaw within the host execution environment filtering mechanism that directly impacts the Git external transport functionality. This weakness creates an avenue for privilege escalation and unauthorized code execution through improper input validation and access control enforcement. The issue stems from insufficient sanitization of external transport parameters that are processed within the host environment, allowing malicious actors to manipulate the execution flow of legitimate system processes.
The technical implementation flaw resides in how OpenClaw handles external transport protocols when specific features are enabled, particularly concerning Git-based operations. When these vulnerable components are accessible to untrusted inputs or callers, the system fails to properly validate and sanitize the transport parameters before processing them within the host environment. This creates a path where an attacker with lower privileges can inject malicious commands or manipulate execution paths that should be restricted to authorized users only. The vulnerability operates at the intersection of input handling and privilege management, specifically targeting the boundary between trusted and untrusted execution contexts.
From an operational impact perspective, this vulnerability exposes organizations to significant risks including unauthorized code execution, data exfiltration, and persistence mechanisms within the affected systems. Attackers could leverage this flaw to escalate privileges beyond their intended authorization levels, potentially gaining access to sensitive resources or establishing backdoors within the host environment. The attack surface expands when considering that Git transport operations are commonly used in automated deployment pipelines, continuous integration systems, and collaborative development environments where multiple users may have varying levels of system access.
The security implications extend beyond immediate execution privileges to encompass potential lateral movement within networked environments where OpenClaw systems are deployed. This vulnerability aligns with CWE-78 and CWE-20 categories related to command injection and input validation failures, respectively, and maps to ATT&CK techniques involving privilege escalation and persistence mechanisms. Organizations utilizing affected versions face risks of unauthorized access to source code repositories, system compromise through malicious Git operations, and potential data loss through unauthorized modifications or deletions.
Mitigation strategies should prioritize immediate patching to version 2026.6.1 or later, which includes enhanced input validation and stricter host environment filtering controls. Additionally, organizations should implement network segmentation to limit access to vulnerable Git transport features, enforce strict access controls on system resources, and monitor for suspicious execution patterns that may indicate exploitation attempts. Regular security assessments of external transport configurations and comprehensive input sanitization practices should be established as part of ongoing security hygiene to prevent similar vulnerabilities from emerging in future deployments.