Description
OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true, attackers can exploit cmd.exe command interpretation to execute malicious commands by controlling workflow arguments.
Published: 2026-03-19
Score: 5.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

The vulnerability resides in the Lobster extension of OpenClaw, where a Windows shell fallback is activated when a spawn failure occurs and the shell option is set to true. This path incorrectly handles tool-provided arguments, allowing an attacker to inject arbitrary commands. The defect maps to CWE-78 (OS Command Injection) and enables arbitrary command execution on the host system, compromising the confidentiality, integrity, and availability of the affected machine.

Affected Systems

The affected vendor is OpenClaw. Versions older than 2026.2.19, specifically any release from 2026.1.21 up to but not including 2026.2.19, are vulnerable. The issue manifests on Windows systems that run the OpenClaw platform with the Lobster extension enabled.

Risk and Exploitability

The CVSS base score is 5.8, indicating moderate severity. The EPSS score is below 1%, suggesting the exploit is unlikely to be widespread or currently in use, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to supply malicious workflow arguments to the Lobster extension; when the fallback to cmd.exe is triggered, the attacker can execute commands remotely or locally. Because the flaw lies within the application's Windows shell handling, an attacker with sufficient control over the input can achieve full command execution, but no evidence of active exploitation exists yet.

Generated by OpenCVE AI on March 19, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply an update to OpenClaw 2026.2.19 or later to remove the vulnerable fallback.
  • If an update is not yet available, disable or remove the Lobster extension in the OpenClaw configuration to prevent the fallback mechanism from being used.
  • As a temporary measure, configure the application to avoid triggering the shell fallback by ensuring spawn operations succeed or by setting shell: false, reducing the attack surface.
  • Verify that the application is running on a patched Windows OS and that no unauthorized command execution is occurring.
  • Monitor relevant security advisories and consider implementing network segmentation to limit potential lateral movement if exploitation occurs.
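The following Node.js snippet is an added example, not code from OpenClaw or the Lobster extension. It contrasts the weak fallback shape the advisory describes (retrying a failed spawn with shell: true, which hands the joined command line to cmd.exe) with a hardened planner that keeps shell: false and refuses a shell unless every argument matches a conservative allowlist. The tool name, argument values, metacharacter set and allowlist are all assumptions of the example; no process is spawned, each planner returns the plan it would use so the result can be inspected offline.

```javascript
// Added example, not code from OpenClaw or the Lobster extension. It contrasts
// a Windows "shell fallback" that hands tool-provided arguments to cmd.exe with
// a version that keeps shell: false and refuses a shell when any argument is not
// provably inert. No process is spawned; each planner returns the spawn plan it
// would use so the result can be inspected and tested offline.

// Characters cmd.exe interprets when Node's `shell: true` runs a command as
// `cmd.exe /d /s /c "<joined command line>"` on Windows. `%` and `!` are
// included because cmd.exe expands %VAR% and (with delayed expansion) !VAR!.
// The set is this example's assumption, chosen conservatively.
const CMD_METACHARACTERS = /[&|<>^%!"()\r\n]/;

// Conservative allowlist for arguments that may ever reach a shell: plain
// paths, flags and key=value pairs, no whitespace, no quoting.
const SAFE_ARG = /^[A-Za-z0-9_.:\\\/=-]+$/;

function hasCmdMetacharacters(arg) {
  return CMD_METACHARACTERS.test(String(arg));
}

// Weak pattern (the shape the advisory describes): after a spawn failure, retry
// with shell: true. Node joins file and args into one string, so an argument
// like "report.txt & echo injected" is parsed by cmd.exe as two commands.
function planFallbackVulnerable(file, args) {
  return { command: [file, ...args].join(" "), options: { shell: true } };
}

// Hardened pattern: default to shell: false so argv reaches CreateProcess
// without cmd.exe parsing. If a caller insists on a shell, every argument must
// match SAFE_ARG or the fallback is refused. Arguments carrying metacharacters
// are reported in `flagged` so the caller can log them as a detection signal
// even on the safe path.
function planFallbackHardened(file, args, { allowShell = false } = {}) {
  const flagged = args.filter(hasCmdMetacharacters);
  if (!allowShell) {
    return { file, args: [...args], options: { shell: false }, flagged };
  }
  const unsafe = args.filter((a) => !SAFE_ARG.test(a));
  if (unsafe.length > 0) {
    throw new Error(
      `refusing shell fallback: unsafe argument(s) ${JSON.stringify(unsafe)}`
    );
  }
  return { command: [file, ...args].join(" "), options: { shell: true }, flagged };
}

// Constructed sample input: a placeholder tool name and a workflow argument of
// the kind the advisory calls attacker-controlled.
const SAMPLE_FILE = "lobster-tool.exe";
const SAMPLE_ARGS = ["--input", "report.txt & echo injected"];

function runDemo() {
  const vuln = planFallbackVulnerable(SAMPLE_FILE, SAMPLE_ARGS);
  const safe = planFallbackHardened(SAMPLE_FILE, SAMPLE_ARGS);
  let rejected = null;
  try {
    planFallbackHardened(SAMPLE_FILE, SAMPLE_ARGS, { allowShell: true });
  } catch (err) {
    rejected = err.message;
  }
  return { vuln, safe, rejected };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

Run with `node` to see the three plans side by side: the vulnerable planner produces one flat command string under shell: true, the hardened planner keeps the argument vector intact under shell: false while reporting the suspicious argument in `flagged`, and the forced-shell variant is refused outright. The `flagged` list is the piece a defender would wire to logging, since an argument carrying cmd.exe metacharacters is worth an alert even when it never reaches a shell.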


Tracking


Advisories
Source: Github GHSA | ID: GHSA-fg3m-vhrr-8gj6 | Title: OpenClaw has Windows Lobster shell fallback command injection in constrained fallback path
History

Thu, 19 Mar 2026 18:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Microsoft; Microsoft windows
CPEs | | cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Vendors & Products | | Microsoft; Microsoft windows

Thu, 19 Mar 2026 14:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 01:30:00 +0000

Type | Values Removed | Values Added
Description | | OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true, attackers can exploit cmd.exe command interpretation to execute malicious commands by controlling workflow arguments.
Title | | OpenClaw 2026.1.21 < 2026.2.19 - Command Injection via Windows Shell Fallback in Lobster Extension
First Time appeared | | Openclaw; Openclaw openclaw
Weaknesses | | CWE-78
CPEs | | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products | | Openclaw; Openclaw openclaw
References | |
Metrics | | cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:L'}; cvssV4_0 {'score': 5.8, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-19T13:38:11.199Z

Reserved: 2026-03-10T19:48:11.111Z

Link: CVE-2026-31995

Vulnrichment

Updated: 2026-03-19T13:38:07.106Z

NVD

Status : Analyzed

Published: 2026-03-19T02:16:04.707

Modified: 2026-03-19T18:17:57.430

Link: CVE-2026-31995

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-25T11:55:36Z

Weaknesses