Description
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation arguments can inject arbitrary commands by providing metacharacter-only values or CR/LF sequences that execute unintended code in the scheduled task context.
Published: 2026-03-19
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Local Command Execution
Action: Patch
AI Analysis

Impact

OpenClaw versions prior to 2026.2.19 contain a local command injection flaw due to unsafe handling of cmd metacharacters and CR/LF sequences in gateway.cmd file generation for Windows scheduled tasks. This is an instance of OS Command Injection (CWE-78): a local attacker with control over service script generation arguments can inject and execute arbitrary commands within the scheduled task context, potentially compromising the confidentiality, integrity, or availability of the affected system.

Affected Systems

The vulnerability affects OpenClaw deployments running on Windows, specifically versions earlier than 2026.2.19. Users should confirm that their OpenClaw instance is not an affected version and that no untrusted parties can configure or supply script generation arguments.

Risk and Exploitability

With a CVSS score of 6.9, the vulnerability is of moderate severity. An EPSS score below 1% indicates a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog, suggesting limited exploitation data. Exploitation requires local access to the script generation mechanism; the flaw is not remotely exploitable. If an attacker can control the input arguments, they can execute arbitrary commands in the scheduled task context, leading to potential system compromise.

Generated by OpenCVE AI on March 19, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.2.19 or newer.
  • Restrict the ability to invoke script generation to trusted, privileged users, so that local attackers cannot supply malicious arguments.
  • Audit scheduled task creation logs for unexpected or suspicious commands.
  • Apply general best practices such as limiting local user privileges and regularly reviewing scheduled task configurations.
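The root cause named in the description is argument text being written into a generated .cmd script without neutralising what cmd.exe interprets. The following is an added, hypothetical hardening routine (not OpenClaw's own code, and not the fix shipped in 2026.2.19); it shows how a script generator can refuse the two input classes the advisory calls out, CR/LF sequences and metacharacter-only values, and quote the remainder so that a line like the one a gateway.cmd generator emits stays a single command. Function names and the sample arguments are constructed for illustration.

```javascript
// Added example, not OpenClaw's code: defensive quoting for arguments that
// will be written into a generated Windows .cmd script.

const CMD_METACHARS = /[&|<>^()%!"]/;        // characters cmd.exe can interpret
const METACHARS_ONLY = /^[&|<>^()%!"\s]*$/;  // nothing but syntax (or empty)

/** Returns a token safe to embed on one command line of a .cmd file, or throws. */
function quoteCmdArg(value) {
  if (typeof value !== 'string') throw new TypeError('argument must be a string');
  // A CR or LF ends the current script line and starts a new command,
  // which is exactly the injection the advisory describes.
  if (/[\r\n]/.test(value)) throw new Error('CR/LF not allowed in cmd argument');
  // A value consisting only of metacharacters (e.g. "&" or "|") carries no
  // payload, only syntax, so it cannot be a legitimate argument.
  if (METACHARS_ONLY.test(value)) throw new Error('metacharacter-only value rejected');
  // Embedded double quotes cannot be escaped reliably for cmd; refuse them.
  if (value.includes('"')) throw new Error('double quote not allowed in cmd argument');
  // Inside a .cmd file, %name% is expanded before the line runs, even inside
  // double quotes; doubling the percent sign yields a literal "%".
  let out = value.replace(/%/g, '%%');
  // Double quotes make & | < > ^ ( ) literal to the cmd parser; quote whenever
  // the value contains whitespace or any metacharacter. "!" is left as is on the
  // assumption that the generated script does not enable delayed expansion.
  if (/\s/.test(out) || CMD_METACHARS.test(out)) out = `"${out}"`;
  return out;
}

/** Builds one script line: executable path followed by its quoted arguments. */
function buildCmdLine(exePath, args) {
  return [exePath, ...args].map(quoteCmdArg).join(' ');
}

// Constructed sample (hypothetical path and flags, not OpenClaw's real ones).
const sampleLine = buildCmdLine('C:\\Program Files\\openclaw\\openclaw.exe',
                                ['gateway', '--label', 'my node']);
console.log(sampleLine);
```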



Advisories
Source: GitHub GHSA
ID: GHSA-mqr9-vqhq-3jxw
Title: OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
History

Thu, 19 Mar 2026 18:30:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Microsoft; Microsoft windows
CPEs                |                | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products  |                | Microsoft; Microsoft windows

Thu, 19 Mar 2026 16:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 01:30:00 +0000

Type                | Values Removed | Values Added
Description         |                | OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation arguments can inject arbitrary commands by providing metacharacter-only values or CR/LF sequences that execute unintended code in the scheduled task context.
Title               |                | OpenClaw < 2026.2.19 - Local Command Injection via Unsafe cmd Argument Handling in Windows Scheduled Task Script Generation
First Time appeared |                | Openclaw; Openclaw openclaw
Weaknesses          |                | CWE-78
CPEs                |                | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products  |                | Openclaw; Openclaw openclaw
References          |                |
Metrics             |                | cvssV3_1: {'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H'}
                    |                | cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-19T16:09:01.132Z

Reserved: 2026-03-10T19:48:11.111Z

Link: CVE-2026-31994

Vulnrichment

Updated: 2026-03-19T16:08:57.583Z

NVD

Status: Analyzed

Published: 2026-03-19T02:16:04.493

Modified: 2026-03-19T18:20:22.820

Link: CVE-2026-31994

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:55:37Z

Weaknesses