Vulnerability Description
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation arguments can inject arbitrary commands by providing metacharacter-only values or CR/LF sequences that execute unintended code in the scheduled task context.
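The following is an added, illustrative example (not OpenClaw's code and not the patched implementation) of the failure mode the advisory describes: a launcher-script generator that pastes an argument straight into a `.cmd` file, shown next to an allowlist check that refuses cmd metacharacters, `%`/`!` expansion markers and CR/LF before they reach the script. The executable path, argument values and function names are assumptions made for the demonstration.

```javascript
// Added, illustrative example (not OpenClaw's code): how cmd.exe metacharacters
// and CR/LF sequences subvert a naive .cmd launcher generator, and an allowlist
// check that refuses such values before they are written into the script.

// Characters cmd.exe interprets before the launched program ever sees them:
// command separators and redirections (& | < > ^ ( )), variable-expansion
// markers (% and, under delayed expansion, !), the quote that would close a
// quoted span, and line terminators that start a new command line.
const CMD_META_RE = /[&|<>^()%!"\r\n]/;

// Vulnerable-by-design generator: interpolates the argument into the script body.
function renderNaiveCmd(exePath, arg) {
  return ["@echo off", `"${exePath}" "${arg}"`, ""].join("\r\n");
}

// Counts the lines cmd.exe would run as commands (skips @-prefixed directives
// and blank lines). A CR/LF inside `arg` shows up as an extra command line.
function countCommandLines(script) {
  return script
    .split(/\r?\n/)
    .filter((line) => line.trim() !== "" && !line.startsWith("@")).length;
}

// Allowlist check: reject metacharacters, line breaks, and values made only of
// punctuation (a metacharacter-only value has no legitimate use as an argument).
function isSafeCmdArgument(value) {
  if (typeof value !== "string" || value.length === 0) return false;
  if (CMD_META_RE.test(value)) return false;
  if (!/[A-Za-z0-9]/.test(value)) return false;
  return true;
}

// Hardened generator: validates every interpolated value and throws instead of
// writing a script it cannot vouch for.
function renderSafeCmd(exePath, arg) {
  for (const v of [exePath, arg]) {
    if (!isSafeCmdArgument(v)) {
      throw new Error(`refusing to embed unsafe value in .cmd script: ${JSON.stringify(v)}`);
    }
  }
  return renderNaiveCmd(exePath, arg);
}

// Constructed inputs for the demonstration (hypothetical path and values).
const EXE = "C:\\OpenClaw\\gateway.exe";
const BENIGN = "--port=8080";
const INJECT_CRLF = "x\r\ncalc.exe";   // second line becomes its own command
const INJECT_META = "\"&calc.exe&\"";  // closes the quote, chains a command
const EXPANSION = "%USERPROFILE%";     // expanded by cmd, not passed literally

console.log(countCommandLines(renderNaiveCmd(EXE, BENIGN)));      // 1
console.log(countCommandLines(renderNaiveCmd(EXE, INJECT_CRLF))); // 2
console.log(isSafeCmdArgument(INJECT_META), isSafeCmdArgument(EXPANSION)); // false false
try {
  renderSafeCmd(EXE, INJECT_CRLF);
} catch (e) {
  console.log(e.message); // refusing to embed unsafe value ...
}
```

The check deliberately errs toward rejection: it also refuses parentheses, so a path such as one under `Program Files (x86)` would be turned away by this simple allowlist and would need separate handling. Rejecting rather than escaping is the safer default for cmd, where escaping rules differ between quoted spans, `%` expansion and delayed `!` expansion, and a single missed case reintroduces the injection.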
CVSS Score
7.1 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openclaw | Openclaw | < 2026.2.19 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/openclaw/openclaw/commit/280c6b117b2f0e24f398e5219048cd4cc3b8 (Patch)
- https://github.com/openclaw/openclaw/security/advisories/GHSA-mqr9-vqhq-3jxw (Vendor Advisory)
- https://www.vulncheck.com/advisories/openclaw-local-command-injection-via-unsafe (Third Party Advisory)
FAQ
What is CVE-2026-31994?
CVE-2026-31994 is a vulnerability with a CVSS score of 7.1 (HIGH). OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. A local attacker who controls the arguments used to generate the service script can inject arbitrary commands by supplying metacharacter-only values or CR/LF sequences, which then execute in the scheduled task context.
How severe is CVE-2026-31994?
CVE-2026-31994 has been rated HIGH with a CVSS base score of 7.1/10. Only the base score is listed on this page; consult the vendor advisory in the References section for the full vector and metric breakdown.
Is there a patch for CVE-2026-31994?
Yes. The vulnerability is fixed in OpenClaw 2026.2.19; versions earlier than that are affected. The fixing commit and the vendor advisory are listed in the References section above. Affected products: Openclaw Openclaw (versions before 2026.2.19) on Microsoft Windows.