CVE-2026-31994
Local Command Injection in OpenClaw Windows Scheduled Task Scripts
Publication date: 2026-03-19
Last updated on: 2026-03-19
Assigner: VulnCheck
Description
CVSS Scores
EPSS Scores
| Probability | |
|---|---|
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | < 2026.2.19 (exclusive) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31994 is a local command injection vulnerability in OpenClaw versions prior to 2026.2.19. It occurs when OpenClaw generates its Windows scheduled task script (gateway.cmd): cmd.exe metacharacters and the expansion-sensitive characters % and ! in the values written into the script are not quoted or escaped safely. A local attacker who controls the arguments used to generate the service script can inject arbitrary commands by supplying a value that consists only of metacharacters (for example & or |) or a value that contains a carriage return/line feed sequence, which starts a new line, and therefore a new command, in the generated script. The injected commands run in the context of the scheduled task.
The root cause is improper quoting and escaping of special characters during script generation, which lets the Windows command processor interpret attacker-supplied text as commands. Exploitation requires local access and control over the inputs that influence script generation, such as install-time or runtime arguments or environment variables.
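The generation step the two paragraphs above describe, as an added example that is not OpenClaw's code: a naive wrapper generator that pastes caller-controlled values into a .cmd file verbatim, beside a hardened generator. The hardened version rejects CR/LF/NUL outright, validates values that have a known shape (a port) against an allow-list, quotes each argument for the child's argv parser, and tracks cmd.exe's own quote toggling so that every metacharacter cmd.exe would see unquoted is caret-escaped; % is doubled for the batch file and ! is neutralised by turning delayed expansion off. The script layout, the executable path and the argument names are assumptions made for the example, not the real gateway.cmd.

```python
"""
Added example (not OpenClaw's code): building a Windows .cmd task wrapper
from caller-controlled values. render_unsafe() is the pattern the advisory
describes (values pasted verbatim); render_safe() is a hardened version.
Script layout, paths and argument names are assumptions for the example.
"""
from typing import List

CMD_META = set('&|<>^()')           # special to cmd.exe outside "..."
CONTROL = {'\r', '\n', '\x00'}      # a line break ends any escaping


def expect_port(value: str) -> int:
    """Allow-list first: a port is digits only, so nothing else is accepted."""
    if not value.isdigit() or not 1 <= int(value) <= 65535:
        raise ValueError(f'not a port number: {value!r}')
    return int(value)


def render_unsafe(exe: str, args: List[str]) -> str:
    """Vulnerable pattern: arguments concatenated with no quoting at all.
    A value of '&' or 'x\\r\\ncalc' becomes a second command."""
    return f'@echo off\r\n"{exe}" {" ".join(args)}\r\n'


def quote_for_batch(exe: str, args: List[str]) -> str:
    """Build one command line that both cmd.exe and the child's MSVCRT-style
    argv parser read as intended.

    * CR/LF/NUL are rejected: no escape survives a line break.
    * Each argument is wrapped in "..."; an embedded " becomes \\" and the
      backslashes before a quote are doubled (MSVCRT argv rules).
    * cmd.exe toggles its quote state on *every* ", including \\", so that
      state is tracked and metacharacters are ^-escaped wherever cmd.exe
      would see them unquoted; cmd.exe strips the caret before the child runs.
    * % becomes %% (literal percent in a batch file).
    * ! needs nothing here because render_safe() disables delayed expansion.
    """
    out = []
    cmd_in_quote = False
    for arg in [exe] + list(args):
        if any(c in CONTROL for c in arg):
            raise ValueError(f'control character in argument: {arg!r}')
        buf = ['"']
        cmd_in_quote = not cmd_in_quote
        backslashes = 0
        for ch in arg:
            if ch == '\\':
                backslashes += 1
                continue
            if ch == '"':
                buf.append('\\' * (2 * backslashes + 1) + '"')
                cmd_in_quote = not cmd_in_quote
            else:
                buf.append('\\' * backslashes)
                if ch == '%':
                    buf.append('%%')
                elif ch in CMD_META and not cmd_in_quote:
                    buf.append('^' + ch)
                else:
                    buf.append(ch)
            backslashes = 0
        buf.append('\\' * (2 * backslashes) + '"')   # trailing \ doubled
        cmd_in_quote = not cmd_in_quote
        out.append(''.join(buf))
    return ' '.join(out)


def render_safe(exe: str, args: List[str]) -> str:
    """Hardened wrapper: delayed expansion off so ! is literal, every argument
    quoted and escaped for both cmd.exe and the child's argv parser."""
    return ('@echo off\r\n'
            'setlocal DisableDelayedExpansion\r\n'
            + quote_for_batch(exe, args) + '\r\n')


if __name__ == '__main__':
    exe = r'C:\Program Files\node\node.exe'          # assumed path
    payload = ['gateway.js', '--name', '&', 'calc.exe']   # metacharacter-only value
    print(render_unsafe(exe, payload))   # '... --name & calc.exe' runs calc.exe
    print(render_safe(exe, payload))     # '... "--name" "&" "calc.exe"'
    print(render_safe(exe, ['--port', str(expect_port('8080'))]))
```

The metacharacter-only value `&` is the case the advisory names: pasted verbatim it ends the command and starts another, while the quoted form reaches the child as the literal argument `&`. A value that contains its own double quote shows why cmd.exe's quote state has to be tracked rather than assuming the whole argument stays quoted.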
How can this vulnerability impact me?
This vulnerability can allow a local attacker with limited privileges to execute arbitrary commands on the affected system in the context of the Windows scheduled task. This can lead to unauthorized actions such as modifying system files, escalating privileges, disrupting service availability, or compromising system integrity.
The CVSS v3.1 score of 7.1 reflects a high impact on integrity and availability, meaning the attacker can cause significant harm by injecting malicious commands. Since the attack vector is local, the attacker must have some level of access to the system to exploit this vulnerability.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves unsafe handling of command metacharacters and expansion-sensitive characters when OpenClaw generates its Windows scheduled task script (gateway.cmd). Detection means confirming whether an installed OpenClaw is older than 2026.2.19 and inspecting the generated scheduled task scripts for unescaped or improperly quoted metacharacters.
Since the vulnerability is local and concerns Windows scheduled task scripts, examine the contents of gateway.cmd files and the scheduled tasks OpenClaw created for unescaped command metacharacters such as &, |, <, >, ^, (, ), %, !, or unexpected carriage return/line feed sequences (an injected CR/LF shows up as an extra command line in the script).
Suggested commands to detect the presence of vulnerable scripts or signs of exploitation:
- Check the installed OpenClaw version: use OpenClaw's version command, or check package.json or `npm list`, to verify whether the version is older than 2026.2.19. The version check is the reliable indicator; the script inspections below only surface candidates for review.
- List scheduled tasks related to OpenClaw: run `schtasks /query /fo LIST /v` and look for tasks whose "Task To Run" field points at an OpenClaw gateway.cmd.
- Inspect the gateway.cmd files those tasks run for unescaped metacharacters or unexpected commands, by opening them in a text editor or searching with `findstr`, for example `findstr /n /r "[&|<>]" gateway.cmd`. A metacharacter inside double quotes or preceded by ^ is ordinarily harmless; one outside quotes is what to look at.
- Search for carriage return or line feed characters in command arguments or environment variables within the scripts: every line beyond the expected invocation may be an injected CR/LF, so compare the file against one freshly generated from known-good input. [1, 2, 3]
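The script inspection described above, as an added example that is not part of the page or of OpenClaw: a small scanner that walks each line of a generated .cmd file with cmd.exe's quote-toggle and caret-escape rules and reports a metacharacter that would run unquoted as a high finding, and a %name% or !name! reference as a review finding (the latter only while delayed expansion is enabled, since ! is literal otherwise). The three sample scripts are constructed for the example; the real layout of gateway.cmd is not known to this page, so treat review findings as triage prompts, not proof.

```python
"""
Added example (not OpenClaw's code): triage scanner for generated .cmd
wrappers. Sample scripts below are constructed for the example.
"""
import re
from typing import List, Optional, Tuple

META = set('&|<>')                                   # separators / redirection
DELAYED_ON = re.compile(r'setlocal\s+enabledelayedexpansion', re.I)
DELAYED_OFF = re.compile(r'setlocal\s+disabledelayedexpansion', re.I)
PERCENT_REF = re.compile(r'%(?:[^%\s"]+%|~?[a-z]*\d)', re.I)   # %VAR%, %1, %~dp0
BANG_REF = re.compile(r'![^!\s]+!')                              # !VAR!
SKIP = ('rem ', '::', '@echo off', 'setlocal', 'endlocal')       # no argument values here


def unquoted_meta(line: str) -> Optional[str]:
    """First metacharacter cmd.exe would see outside "..." and not after ^."""
    in_quote = False
    escaped = False
    for ch in line:
        if escaped:
            escaped = False
            continue
        if ch == '"':
            in_quote = not in_quote
        elif not in_quote and ch == '^':
            escaped = True
        elif not in_quote and ch in META:
            return ch
    return None


def scan_script(text: str) -> List[Tuple[int, str, str]]:
    """(line number, severity, reason) for every line worth a look."""
    findings = []
    delayed = False                      # cmd.exe default: ! is literal
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if DELAYED_ON.search(line):
            delayed = True
        elif DELAYED_OFF.search(line):
            delayed = False
        if not line or line.lower().startswith(SKIP):
            continue
        ch = unquoted_meta(line)
        if ch is not None:
            findings.append((lineno, 'high', f'unquoted cmd metacharacter {ch!r}'))
        for m in PERCENT_REF.finditer(line.replace('%%', '')):   # %% is a literal %
            findings.append((lineno, 'review', f'percent expansion {m.group(0)}'))
        if delayed:
            for m in BANG_REF.finditer(line):
                findings.append((lineno, 'review', f'delayed expansion {m.group(0)}'))
    return findings


# Constructed samples (paths and arguments are assumptions, not OpenClaw's).
BENIGN_SCRIPT = (
    '@echo off\r\n'
    'setlocal DisableDelayedExpansion\r\n'
    'cd /d "%~dp0"\r\n'
    '"C:\\Program Files\\node\\node.exe" "gateway.js" "--port" "8080"\r\n'
)
# What an unquoted generator emits for a CR/LF payload (line 3) and a
# metacharacter-only value (line 4).
INJECTED_SCRIPT = (
    '@echo off\r\n'
    '"C:\\Program Files\\node\\node.exe" gateway.js --port 8080\r\n'
    'whoami > C:\\Users\\Public\\out.txt\r\n'
    '"C:\\Program Files\\node\\node.exe" gateway.js --name & calc.exe\r\n'
)
DELAYED_SCRIPT = (
    '@echo off\r\n'
    'setlocal EnableDelayedExpansion\r\n'
    '"x.exe" "!TOKEN!" ^& more\r\n'
)

if __name__ == '__main__':
    for name, script in [('benign', BENIGN_SCRIPT), ('injected', INJECTED_SCRIPT),
                         ('delayed', DELAYED_SCRIPT)]:
        print(name, scan_script(script))
```

Run it against a real file with `scan_script(open(path, encoding='utf-8', errors='replace').read())`; a benign wrapper typically yields only review findings for its own `%~dp0`-style references, while an injected CR/LF or bare `&` produces a high finding on the line it created.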
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.2.19 or later, where the vulnerability has been fixed by implementing proper quoting, escaping, and validation of command arguments and environment variables in Windows scheduled task script generation.
If upgrading immediately is not possible, consider the following interim measures:
- Do not run OpenClaw on Windows systems where untrusted local users can supply the arguments or environment variables from which the service script is generated.
- Manually review and sanitize any inputs or environment variables that influence the generation of scheduled task scripts, rejecting values that contain cmd metacharacters, %, !, or CR/LF sequences; regenerate the script from known-good input and compare it with the one currently installed.
- Restrict permissions on gateway.cmd files and the scheduled tasks that run them (review the ACLs with `icacls`) so that unprivileged users cannot modify them. This limits tampering after generation but does not remove the injection at generation time that this CVE describes; only the upgrade does.
- Monitor scheduled tasks and logs for suspicious activity that could indicate exploitation attempts, such as unexpected child processes of the task or extra command lines in the script.