CVE-2026-31994
Received Received - Intake
Local Command Injection in OpenClaw Windows Scheduled Task Scripts

Publication date: 2026-03-19

Last updated on: 2026-03-19

Assigner: VulnCheck

Description
OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation arguments can inject arbitrary commands by providing metacharacter-only values or CR/LF sequences that execute unintended code in the scheduled task context.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31994
EUVD
EUVD-2026-13027
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.2.19 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-31994 is a local command injection vulnerability found in OpenClaw versions prior to 2026.2.19. It occurs during the generation of Windows scheduled task scripts, specifically in gateway.cmd files, due to unsafe handling of command (cmd) metacharacters and expansion-sensitive characters like % and !. Local attackers who have control over the arguments used to generate these service scripts can inject arbitrary commands by supplying metacharacter-only values or carriage return/line feed sequences. This causes unintended code execution within the context of the scheduled task.

The root cause is improper quoting and escaping of special characters in the script generation process, which allows the Windows command processor to interpret injected commands. The vulnerability requires local access and control over inputs influencing the script generation, such as install-time or runtime arguments or environment variables.

Impact Analysis

This vulnerability can allow a local attacker with limited privileges to execute arbitrary commands on the affected system in the context of the Windows scheduled task. This can lead to unauthorized actions such as modifying system files, escalating privileges, disrupting service availability, or compromising system integrity.

The CVSS v3.1 score of 7.1 reflects a high impact on integrity and availability, meaning the attacker can cause significant harm by injecting malicious commands. Since the attack vector is local, the attacker must have some level of access to the system to exploit this vulnerability.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability involves unsafe handling of command metacharacters and expansion-sensitive characters in Windows scheduled task script generation within OpenClaw's gateway.cmd files. Detection requires checking for the presence of vulnerable OpenClaw versions prior to 2026.2.19 and inspecting generated scheduled task scripts for unescaped or improperly quoted metacharacters."}, {'type': 'paragraph', 'content': 'Since the vulnerability is local and related to Windows scheduled task scripts, you can detect it by examining the contents of gateway.cmd files and scheduled tasks created by OpenClaw for suspicious or unescaped command metacharacters such as &, |, <, >, ^, (, ), %, !, or unexpected carriage return/line feed sequences.'}, {'type': 'paragraph', 'content': 'Suggested commands to detect potential exploitation or presence of vulnerable scripts include:'}, {'type': 'list_item', 'content': "Check OpenClaw version installed: Use OpenClaw's version command or check package.json or npm list to verify if the version is prior to 2026.2.19."}, {'type': 'list_item', 'content': 'List scheduled tasks related to OpenClaw: Run `schtasks /query /fo LIST /v` and look for tasks created by OpenClaw.'}, {'type': 'list_item', 'content': 'Inspect the gateway.cmd script files used by OpenClaw scheduled tasks for unescaped metacharacters or suspicious command injections by opening them in a text editor or using `findstr` to search for metacharacters.'}, {'type': 'list_item', 'content': 'Search for carriage return or line feed characters in command arguments or environment variables within scripts that could indicate injection points.'}] [1, 2, 3]

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.2.19 or later, where the vulnerability has been fixed by implementing proper quoting, escaping, and validation of command arguments and environment variables in Windows scheduled task script generation.

If upgrading immediately is not possible, consider the following interim measures:

  • Avoid running OpenClaw on Windows systems where untrusted users have local access to control service script generation arguments.
  • Manually review and sanitize any inputs or environment variables that influence the generation of scheduled task scripts to ensure they do not contain metacharacters or CR/LF sequences.
  • Restrict permissions on gateway.cmd files and scheduled tasks to prevent unauthorized modification.
  • Monitor scheduled tasks and logs for suspicious activity that could indicate exploitation attempts.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31994. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart