The vulnerability is a command injection in OpenClaw’s Windows Scheduled Task script generation. Because environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, attackers can inject shell metacharacters such as &, |, ^, %, or ! into environment variable values to break out of the assignment context. This allows execution of arbitrary commands when the scheduled task script is generated and later executed, giving attackers the ability to run code with the permissions of the scheduled task. The weakness is identified as CWE‑78: Improper Neutralization of Special Elements used in a Command.

The vulnerability affects OpenClaw (OpenClaw) versions older than 2026.2.19. No specific sub‑versions are listed, so any build prior to that release is considered vulnerable.

The CVSS base score is 6.9, indicating a moderate severity. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is inferred: an attacker must provide a value for an environment variable that influences the script generation; this could be achieved remotely via an interface that accepts custom environment variables or locally by setting environment variables before invoking the vulnerable code. Because the injection occurs during script generation, successful exploitation requires access that can cause the script to be generated and run. Given the moderate CVSS score and absence of observable exploit in the public domain, immediate remediation is recommended to prevent potential code execution.