All guides

Security advisory

CVE-2026-62199: How to Check and Patch OpenClaw

OpenClaw releases before 2026.6.6 incompletely filtered interpreter startup environment variables in host execution. Upgrade first, then verify the running process—not just the package on disk.

Required action: if your running OpenClaw version is older than 2026.6.6, upgrade to 2026.6.6 or a later supported release, restart the service, and verify the version again.

What the advisory says

NVD's CVE-2026-62199 record and the OpenClaw GitHub advisory describe incomplete filtering of interpreter startup variables in host execution. Under the stated conditions, lower-trust input could influence an interpreter environment and execute or persist actions beyond the intended authorization boundary.

NVD scores the issue 8.8 High under CVSS 3.1 and maps it to CWE-184, incomplete filtering. This page intentionally focuses on detection and remediation rather than exploit construction.

1. Check the version that is actually running

openclaw --version

# If OpenClaw runs in Docker, check inside the container
OPENCLAW_CONTAINER=openclaw
docker exec "$OPENCLAW_CONTAINER" openclaw --version

Checking only npm list or an image tag is insufficient: a gateway may still be running an older process. Record the result before and after the restart.

2. Upgrade to a fixed release

Use the same installation method you originally chose, then confirm the installed version.

# Set this to 2026.6.6 or a newer release you have tested
OPENCLAW_FIXED_VERSION=2026.6.6
npm install -g "openclaw@$OPENCLAW_FIXED_VERSION"

openclaw --version

For containers, use an explicit fixed image tag—never :latest—and follow your normal pull, recreate, and rollback procedure. The 2026.6.6 release is the first fixed version named by the advisory.

3. Restart and verify

  1. Restart the gateway or recreate the container.
  2. Run openclaw --version in the same runtime context again.
  3. Check service logs for config rejection or repeated crash loops.
  4. Run one benign, read-only agent task to confirm normal tool routing.
  5. Keep the previous known-good configuration available for rollback, but do not roll back to a vulnerable binary.

Temporary risk reduction if you cannot upgrade immediately

  • Remove untrusted users and public-facing input paths from agents that can execute on the host.
  • Disable unnecessary host-execution tools and narrow allowlists.
  • Rotate credentials if logs or incident review indicate unexpected execution.
  • Review persistence locations and recent process activity using your established incident-response procedure.

These controls do not fix the filter. Schedule the upgrade as the remediation. For broader defense-in-depth, see the OpenClaw security guide.

Frequently asked questions

Which OpenClaw versions are affected by CVE-2026-62199?

The vendor advisory lists versions through 2026.6.1 as affected and names 2026.6.6 as the first patched release. NVD's range is broader, so conservatively treat any version older than 2026.6.6 as needing an upgrade.

What does CVE-2026-62199 affect?

It concerns incomplete filtering of interpreter startup environment variables in host execution. A lower-trust caller or configured input path could cross the intended execution boundary.

Is disabling one channel enough?

No. The primary remediation is upgrading. While waiting, reduce exposure to lower-trust callers and disable unnecessary host-execution paths, but treat those steps as temporary risk reduction.

Related guides

Prefer managed patching?

OpenClaw Launch manages the container and update workflow while keeping each deployment isolated.

View managed hosting