Impact
OpenClaw versions prior to 2026.2.19 contain a command injection flaw in the Lobster extension's tool execution: when a subprocess spawn fails on Windows, the code retries through a shell fallback that sets shell:true. Because the fallback shell interprets the command arguments rather than passing them verbatim, an attacker can inject shell metacharacters into those arguments and execute arbitrary commands on the host. This weakness corresponds to CWE-78, Improper Neutralization of Special Elements in an OS Command.
Affected Systems
The vulnerability affects the OpenClaw product as identified by the CNA. All releases before 2026.2.19 are vulnerable. The flaw exists in the Lobster extension component that runs under a Node.js environment, as reflected by the CPE entry cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*.
Risk and Exploitability
The CVSS score is 5.8, indicating moderate severity. EPSS data is not available and the vulnerability is not listed in the CISA KEV catalog, suggesting it has not yet been widely exploited. Exploitation requires the attacker to trigger a subprocess spawn failure and supply crafted arguments; how this is achieved is not explicitly detailed in the description. Based on the description, it is inferred that local or privileged access to the machine may be needed to deliver the crafted arguments. Nonetheless, the ability to execute arbitrary commands once the fallback mechanism activates presents a significant risk to affected installations, and prompt remediation is advised.