{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/products/openclaw-before-2026.6.6/feed.json","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[{"cvss":8.8,"id":"CVE-2026-62199"}],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":["OpenClaw (before 2026.6.6)"],"_cs_severities":["high"],"_cs_tags":["vulnerability","rce","persistence","openclaw"],"_cs_type":"advisory","_cs_vendors":["OpenClaw"],"content_html":"\u003cp\u003eCVE-2026-62199 identifies a significant flaw in OpenClaw versions before 2026.6.6. This vulnerability resides within the host execution environment filtering mechanism, which fails to adequately sanitize or block interpreter startup variables. When an affected OpenClaw instance has the vulnerable feature enabled and is reachable by a lower-trust caller or through a configured input path, an attacker can supply specially crafted environment variables. These malicious variables can exploit the filtering bypass to execute commands or establish persistence with elevated privileges beyond the caller's intended authorization. The CVSS 3.1 base score for this vulnerability is 8.8 (High), indicating a severe risk of compromise, including full confidentiality, integrity, and availability impacts.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAn attacker, acting as a lower-trust caller or leveraging a configured input path, identifies a vulnerable OpenClaw instance (versions before 2026.6.6) with the susceptible feature enabled and network reachable.\u003c/li\u003e\n\u003cli\u003eThe attacker researches the specific interpreter used by OpenClaw and identifies interpreter startup variables that can be manipulated for arbitrary command execution or persistence.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a set of malicious environment variables designed to bypass OpenClaw's faulty host execution environment filtering.\u003c/li\u003e\n\u003cli\u003eThe attacker supplies these crafted environment variables to the vulnerable OpenClaw instance through the designated input path or API.\u003c/li\u003e\n\u003cli\u003eDue to the flaw in the filtering mechanism (CVE-2026-62199), the malicious interpreter startup variables are not properly sanitized or blocked by OpenClaw.\u003c/li\u003e\n\u003cli\u003eThe OpenClaw instance proceeds to execute the interpreter, inadvertently processing the attacker-controlled startup variables.\u003c/li\u003e\n\u003cli\u003eThe malicious environment variables cause the interpreter to execute arbitrary commands supplied by the attacker, resulting in unauthorized code execution.\u003c/li\u003e\n\u003cli\u003eThe attacker successfully gains control over the OpenClaw host system, potentially leading to data exfiltration, further persistence mechanisms, or deployment of additional malware.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of CVE-2026-62199 grants attackers unauthorized code execution and persistence capabilities on the compromised system. This can lead to complete system takeover, allowing for arbitrary command execution, data exfiltration, modification of system configurations, or deployment of additional malicious payloads such as ransomware or backdoors. While no specific victim numbers or targeted sectors are available from the advisory, the high CVSS score implies that any organization using vulnerable OpenClaw versions could be at significant risk of severe data breaches and operational disruption.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003ePatch CVE-2026-62199 immediately by upgrading all OpenClaw instances to version 2026.6.6 or later.\u003c/li\u003e\n\u003cli\u003eReview the configuration of OpenClaw instances to ensure the affected feature, which enables external control over host exec environment filtering, is disabled if not strictly necessary.\u003c/li\u003e\n\u003cli\u003eMonitor system and application logs for unusual process creations or modifications to environment variables originating from OpenClaw processes or its associated interpreter.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-07-13T22:29:45Z","date_published":"2026-07-13T22:29:45Z","id":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-env-filter-bypass/","summary":"A critical vulnerability, CVE-2026-62199, in OpenClaw versions prior to 2026.6.6 allows a lower-trust caller to bypass host execution environment filtering by supplying crafted interpreter startup variables, leading to unauthorized code execution and persistence.","title":"OpenClaw Environment Filtering Bypass Vulnerability (CVE-2026-62199)","url":"https://feed.craftedsignal.io/briefs/2026-07-openclaw-env-filter-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed - OpenClaw (Before 2026.6.6)","version":"https://jsonfeed.org/version/1.1"}