CVE-2026-62199
Analyzed Analyzed - Analysis Complete

Path Traversal in OpenClaw Host Exec Environment

Vulnerability report for CVE-2026-62199, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-14

Assigner: VulnCheck

Description

OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path can supply crafted environment variables to execute or persist actions beyond the caller's intended authorization.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-14
Generated
2026-07-15
AI Q&A
2026-07-14
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.6.6 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-184 The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-62199 is a vulnerability in OpenClaw versions before 2026.6.6. The flaw exists in the host execution environment filtering mechanism, which fails to properly sanitize interpreter startup variables. This oversight allows a lower-trust caller or a configured input path to supply crafted environment variables.

When the affected feature is enabled and reachable, these crafted variables can lead to unintended execution or persistence of actions beyond what the caller is authorized to perform. This could result in unauthorized code execution or privilege escalation.

Impact Analysis

The impact of this vulnerability depends on your use of OpenClaw and whether the affected feature is enabled and accessible in your environment.

  • If exploited, an attacker with lower privileges could execute unauthorized actions, potentially gaining higher-level access or control over the system.
  • The vulnerability could lead to data breaches, unauthorized modifications, or disruption of services, depending on the context in which OpenClaw is used.
  • Systems relying on OpenClaw for security-sensitive operations (e.g., authentication, data processing) may face increased risk of compromise.

The CVSS v3.1 score of 8.8 (High) and CVSS v4.0 score of 8.7 (High) indicate that this is a severe vulnerability with significant potential for impact on confidentiality, integrity, and availability.

Compliance Impact

This vulnerability could affect compliance with several standards and regulations, depending on the context of its exploitation and the data or systems involved.

  • GDPR: If the vulnerability leads to unauthorized access or disclosure of personal data, it could result in a breach of GDPR requirements, particularly Article 5 (data protection principles) and Article 32 (security of processing). Organizations may face fines or legal consequences if they fail to mitigate the risk.
  • HIPAA: For organizations handling protected health information (PHI), exploitation of this vulnerability could violate the HIPAA Security Rule, which mandates safeguards for electronic PHI. A breach could lead to penalties under HIPAA's enforcement provisions.
  • Other standards: Compliance with frameworks like ISO 27001, NIST SP 800-53, or PCI DSS may also be impacted if the vulnerability undermines security controls related to access management, data integrity, or system availability.

Organizations should assess whether this vulnerability exposes them to non-compliance risks and take appropriate remediation steps to maintain adherence to relevant regulations.

Detection Guidance

Detecting this vulnerability requires checking if OpenClaw versions before 2026.6.6 are installed and if the affected feature (host exec environment filtering) is enabled and reachable. Since the flaw involves environment variable handling, you can inspect running processes or configurations for signs of misconfigured or unfiltered environment variables.

  • Check the installed version of OpenClaw using package managers or direct file inspection. For example, if OpenClaw provides a version command, run: openclaw --version or check the binary's metadata.
  • Inspect system processes for OpenClaw instances that might be running with the affected feature enabled. Use commands like: ps aux | grep openclaw or top to identify active processes.
  • Review configuration files or environment variables associated with OpenClaw to see if the host exec environment filtering is enabled. Look for files or settings that define environment variable handling, such as config.yml or similar.
  • If network reachability is a concern, use network scanning tools to check if the affected service is exposed. For example, run: nmap -sV <target-ip> to identify open ports and services.

Since the vulnerability involves crafted environment variables, monitoring for unusual environment variable usage in logs or process listings may help. However, specific detection commands depend on how OpenClaw is deployed and configured in your environment.

Mitigation Strategies

To mitigate this vulnerability, follow these immediate steps:

  • Upgrade OpenClaw to version 2026.6.6 or later, as this version contains the fix for the host exec environment filtering flaw. Check the official OpenClaw repository or package manager for the latest version.
  • If upgrading is not immediately possible, disable the affected feature (host exec environment filtering) if it is not critical to your operations. Refer to OpenClaw's documentation for instructions on disabling specific features.
  • Restrict access to the OpenClaw service to trusted users and networks. Use firewalls or network segmentation to limit exposure to potential attackers. For example, block external access to the service if it is only needed internally.
  • Monitor and audit environment variable usage in OpenClaw processes. Log and review any unusual or unexpected environment variable changes that could indicate exploitation attempts.
  • Apply principle of least privilege to users and processes interacting with OpenClaw. Ensure that lower-trust callers do not have unnecessary permissions to supply environment variables or input paths.
  • Review and harden the system's environment variable handling policies. Ensure that only trusted and validated environment variables are passed to OpenClaw processes.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-62199. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart