Executive Summary

CVE-2026-22176 is a command injection vulnerability in OpenClaw versions prior to 2026.2.19 that affects the generation of Windows Scheduled Task scripts.

The issue occurs because environment variables are written into a batch script (gateway.cmd) using unquoted assignments in the form set KEY=VALUE. This allows Windows shell metacharacters such as &, |, ^, %, or ! within environment variable values to break out of the intended assignment context.

As a result, an attacker who can influence environment variable values containing these metacharacters can inject and execute arbitrary commands when the scheduled task script is generated and executed.

The vulnerability arises during the installation or reinstallation of the gateway service on Windows, where the batch script is registered and run via Windows Scheduled Tasks (schtasks).

The vulnerability is classified as CWE-78 (Improper Neutralization of Special Elements used in an OS Command) and has moderate severity.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker with the ability to influence environment variable values to execute arbitrary commands on the affected system with the privileges of the scheduled task.

Such command execution can lead to unauthorized actions, potentially compromising system integrity or availability.

The risk is higher in environments where environment variables come from less-trusted sources such as shared configuration templates, automation workflows, or repositories.

In single-user or personally controlled machines, the practical risk is generally low.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by inspecting the Windows Scheduled Task script (gateway.cmd) generated by OpenClaw for unquoted environment variable assignments that contain shell metacharacters such as &, |, ^, %, or !.

Specifically, look for lines in gateway.cmd using the pattern set KEY=VALUE without quotes around the assignment, which allows command injection.

You can check the scheduled task commands using Windows command line tools like schtasks to query the task and inspect the script it runs.

• Use PowerShell or Command Prompt to locate and examine the gateway.cmd script for unquoted set commands with suspicious environment variable values.
• Run: schtasks /Query /TN <task_name> /XML to export the scheduled task definition and review the command or script it executes.
• Search for environment variables containing metacharacters by inspecting the environment or configuration files that influence the scheduled task.

Useful 0 Not Useful 0

Mitigation Strategies

[{'type': 'paragraph', 'content': 'The immediate mitigation step is to upgrade OpenClaw to version 2026.2.19 or later, where the vulnerability is fixed by quoting environment variable assignments and escaping special characters in the scheduled task script.'}, {'type': 'paragraph', 'content': 'If upgrading is not immediately possible, manually inspect and modify the gateway.cmd script to ensure environment variable assignments are quoted in the form set "KEY=VALUE" with proper escaping of metacharacters.'}, {'type': 'paragraph', 'content': 'Avoid using environment variable values that contain shell metacharacters such as &, |, ^, %, or ! in configurations that influence the scheduled task script.'}, {'type': 'paragraph', 'content': 'Review and restrict access to configuration sources that provide environment variables to prevent injection of malicious values.'}, {'type': 'paragraph', 'content': 'Consider temporarily disabling or removing the affected scheduled task until the fix can be applied.'}] [1, 2]

Useful 0 Not Useful 0