CVE-2026-31999
Current Directory Injection in OpenClaw Windows Wrapper Enables Command Execution
Publication date: 2026-03-19
Last updated on: 2026-03-19
Assigner: VulnCheck
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | From 2026.2.26 (inclusive) to 2026.3.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-78 | The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-31999 is a vulnerability in OpenClaw versions prior to 2026.3.1 on Windows that involves current working directory (cwd) injection during the wrapper resolution process for .cmd and .bat files.
The issue arises because the fallback mechanism for shell execution improperly handles the cwd, allowing remote attackers to manipulate it and influence how commands are executed.
This manipulation can lead to a loss of command execution integrity, effectively enabling OS command injection attacks where malicious commands can be executed by altering the intended command behavior.
How can this vulnerability impact me?
This vulnerability can allow remote attackers to execute arbitrary OS commands by manipulating the current working directory during wrapper resolution.
Such command execution integrity loss can lead to unauthorized actions on the affected system, potentially compromising system security and stability.
Because the vulnerability allows OS command injection, attackers could perform malicious activities such as executing harmful scripts, altering system files, or gaining further access.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
I don't know
What immediate steps should I take to mitigate this vulnerability?
To mitigate the vulnerability CVE-2026-31999 in OpenClaw versions prior to 2026.3.1 on Windows, you should upgrade OpenClaw to version 2026.3.1 or later.
The fix in version 2026.3.1 includes changes to the wrapper resolution logic to prioritize explicit PATH and PATHEXT entrypoint resolution and direct execution of unwrapped Node or EXE files.
Additionally, the update implements a strict fail-closed policy for cases where wrapper resolution fails, preventing fallback to unsafe shell execution that could be exploited via current working directory manipulation.