CVE-2026-62199
HIGH
NVD
CVSS Score
8.8
Severity
HIGH
Published
Jul 13, 2026
Vendor
unknown
Description
OpenClaw versions before 2026.6.6 contain a flaw in host exec environment filtering that can miss interpreter startup variables. When the affected feature is enabled and reachable, a lower-trust caller or configured input path can supply crafted environment variables to execute or persist actions beyond the caller's intended authorization.