CVE-2026-62200
OpenClaw · OpenClaw
OpenClaw contains an authentication bypass vulnerability stemming from an incomplete list of disallowed inputs within the Git external transport functionality.
Executive summary
A critical authentication bypass in OpenClaw's Git transport mechanism allows low-privileged users to circumvent security controls.
Vulnerability
This vulnerability is identified as CWE-184 (Incomplete List of Disallowed Inputs). The Git external transport implementation fails to sufficiently validate input, allowing an authenticated user to bypass intended authorization constraints.
Business impact
Exploitation of this flaw grants unauthorized access to internal systems via the Git transport layer. Given the CVSS score of 8.8, this represents a significant threat to internal repository integrity and could lead to the unauthorized retrieval or modification of source code and sensitive project data.
Remediation
Immediate Action: Update OpenClaw to version 2026.6.6 or higher, which addresses the input validation shortcomings in the Git transport logic.
Proactive Monitoring: Review access logs associated with Git transport operations for anomalous command execution or unauthorized connection attempts.
Compensating Controls: Restrict access to Git transport services to trusted networks and ensure that all Git-related traffic is routed through secure, inspected channels.
Exploitation status
Public Exploit Available: No
Analyst recommendation
Organizations utilizing OpenClaw's Git transport features must prioritize the update to version 2026.6.6. Addressing this authentication bypass is essential to preventing unauthorized system access and ensuring the continued integrity of stored project data.