CVE-2026-31999
Received Received - Intake
Current Directory Injection in OpenClaw Windows Wrapper Enables Command Execution

Publication date: 2026-03-19

Last updated on: 2026-03-19

Assigner: VulnCheck

Description
OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows contain a current working directory injection vulnerability in wrapper resolution for .cmd/.bat files that allows attackers to influence execution behavior through cwd manipulation. Remote attackers can exploit improper shell execution fallback mechanisms to achieve command execution integrity loss by controlling the current working directory during wrapper resolution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-31999
EUVD
EUVD-2026-13037
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw From 2026.2.26 (inc) to 2026.3.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-78 The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-31999 is a vulnerability in OpenClaw versions prior to 2026.3.1 on Windows that involves current working directory (cwd) injection during the wrapper resolution process for .cmd and .bat files.

The issue arises because the fallback mechanism for shell execution improperly handles the cwd, allowing remote attackers to manipulate it and influence how commands are executed.

This manipulation can lead to a loss of command execution integrity, effectively enabling OS command injection attacks where malicious commands can be executed by altering the intended command behavior.

Impact Analysis

This vulnerability can allow remote attackers to execute arbitrary OS commands by manipulating the current working directory during wrapper resolution.

Such command execution integrity loss can lead to unauthorized actions on the affected system, potentially compromising system security and stability.

Because the vulnerability allows OS command injection, attackers could perform malicious activities such as executing harmful scripts, altering system files, or gaining further access.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate the vulnerability CVE-2026-31999 in OpenClaw versions prior to 2026.3.1 on Windows, you should upgrade OpenClaw to version 2026.3.1 or later.

The fix in version 2026.3.1 includes changes to the wrapper resolution logic to prioritize explicit PATH and PATHEXT entrypoint resolution and direct execution of unwrapped Node or EXE files.

Additionally, the update implements a strict fail-closed policy for cases where wrapper resolution fails, preventing fallback to unsafe shell execution that could be exploited via current working directory manipulation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31999. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart