Executive Summary

CVE-2026-31995 is a command injection vulnerability in the Lobster extension of OpenClaw versions prior to 2026.2.19 on Windows. When certain process spawn failures occur, the extension falls back to using the Windows shell (cmd.exe) with shell: true, which interprets commands. Attackers can exploit this fallback by injecting arbitrary commands through tool-provided arguments that are not properly sanitized, leading to execution of malicious commands.

The vulnerability arises because the fallback mechanism constructs OS commands using externally influenced input without properly neutralizing special elements, corresponding to CWE-78 (Improper Neutralization of Special Elements used in an OS Command).

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker with local access and control over workflow arguments to execute arbitrary commands on a Windows system running vulnerable versions of OpenClaw. This can lead to unauthorized command execution, potentially compromising the integrity and availability of the affected system.

Because the vulnerability requires triggering a fallback path after a spawn failure and control over arguments, the risk is limited to scenarios where these conditions are met.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': "This vulnerability occurs specifically on Windows systems running OpenClaw versions from 2026.1.21 up to 2026.2.17 when the Lobster extension's Windows shell fallback mechanism is triggered due to spawn failures (errors ENOENT or EINVAL). Detection involves identifying if the vulnerable OpenClaw version is in use and if the fallback path with shell: true is being triggered."}, {'type': 'paragraph', 'content': 'Since the vulnerability depends on local operator-controlled workflow arguments triggering the fallback, detection can include monitoring for unexpected or suspicious command executions via cmd.exe that originate from OpenClaw processes.'}, {'type': 'paragraph', 'content': 'Specific commands to detect this vulnerability are not provided in the available resources. However, general detection steps could include:'}, {'type': 'list_item', 'content': 'Check the installed OpenClaw version to confirm if it is prior to 2026.2.19.'}, {'type': 'list_item', 'content': 'Monitor process creation events on Windows for cmd.exe executions spawned by OpenClaw or the Lobster extension.'}, {'type': 'list_item', 'content': 'Audit workflow arguments passed to OpenClaw for suspicious or unexpected input that could trigger command injection.'}] [1, 2]

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.2.19 or later, where the Windows shell fallback mechanism has been removed and replaced with a safer execution method that avoids using a shell.

If upgrading immediately is not possible, restrict or carefully validate all workflow arguments passed to OpenClaw to prevent injection of malicious commands.

Additionally, monitor and restrict the ability to trigger spawn failures that cause the fallback path to be used.

Ensure that only trusted users have permission to define or modify workflows that interact with the Lobster extension.

Useful 0 Not Useful 0