CVE-2026-62200

OpenClaw · OpenClaw

OpenClaw contains an authentication bypass vulnerability stemming from an incomplete list of disallowed inputs within the Git external transport functionality.

Executive summary

A critical authentication bypass in OpenClaw's Git transport mechanism allows low-privileged users to circumvent security controls.

Vulnerability

This vulnerability is identified as CWE-184 (Incomplete List of Disallowed Inputs). The Git external transport implementation fails to sufficiently validate input, allowing an authenticated user to bypass intended authorization constraints.

Business impact

Exploitation of this flaw grants unauthorized access to internal systems via the Git transport layer. Given the CVSS score of 8.8, this represents a significant threat to internal repository integrity and could lead to the unauthorized retrieval or modification of source code and sensitive project data.

Remediation

Immediate Action: Update OpenClaw to version 2026.6.6 or higher, which addresses the input validation shortcomings in the Git transport logic.

Proactive Monitoring: Review access logs associated with Git transport operations for anomalous command execution or unauthorized connection attempts.

Compensating Controls: Restrict access to Git transport services to trusted networks and ensure that all Git-related traffic is routed through secure, inspected channels.

Exploitation status

Public Exploit Available: No

Analyst recommendation

Organizations utilizing OpenClaw's Git transport features must prioritize the update to version 2026.6.6. Addressing this authentication bypass is essential to preventing unauthorized system access and ensuring the continued integrity of stored project data.