OpenClaw Local Command Injection Vulnerability in Windows Scheduled Task Script Generation
Vulnerability
A local command injection vulnerability has been identified in OpenClaw versions prior to 2026.2.19. This issue arises in the Windows scheduled task script generation process, where command metacharacters and expansion-sensitive characters are not handled safely in the 'gateway.cmd' files. Local attackers who can control the arguments for service script generation may inject arbitrary commands by using metacharacter-only values or CR/LF sequences, which can execute unintended code in the context of the scheduled task.
Impact
Exploitation of this vulnerability allows for arbitrary command execution in the context of the affected Windows scheduled task.
Reproduction
The vulnerability can be reproduced by installing OpenClaw version 2026.2.17 or earlier and then generating a Windows scheduled task with arguments that include command metacharacters or CR/LF sequences. This can be done by using the 'installScheduledTask' function in the OpenClaw daemon, with the 'programArguments' parameter set to include these characters. After the task is created, the 'gateway.cmd' file will reflect the injected commands, which will be executed when the task runs.
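The following is an added example, not OpenClaw's own code, showing the hardened form of the script generation described in the Vulnerability and Reproduction sections above: every argument written into a generated .cmd file is quoted, percent signs are doubled so batch expansion cannot fire, and values containing CR/LF or a double quote are refused outright because cmd.exe quoting cannot neutralise them. An audit helper flags lines of an existing generated script that carry a metacharacter outside double quotes. The function names (quoteCmdArg, buildGatewayCmd, hasUnquotedMetachar, auditScript), the sample program path and the sample arguments are assumptions constructed for the example.

```typescript
// Added example (not OpenClaw's code): conservative argument quoting for a
// generated Windows .cmd script, a script builder that uses it, and an audit
// check for already-generated scripts. All names here are assumptions.

// Characters cmd.exe treats as command separators or redirections outside quotes.
const CMD_METACHARS = new Set(["&", "|", "<", ">", "^"]);

// Render one argument so cmd.exe passes it through literally.
function quoteCmdArg(arg: string): string {
  // A CR or LF ends the statement; nothing inside quotes survives that, so refuse.
  if (/[\r\n\u0000]/.test(arg)) {
    throw new Error("argument contains a line break or NUL");
  }
  // There is no reliable way to embed a double quote in a cmd argument; refuse.
  if (arg.includes('"')) {
    throw new Error("argument contains a double quote");
  }
  // Batch files expand %VAR% even inside quotes; %% yields a literal percent sign.
  const escaped = arg.replace(/%/g, "%%");
  // Always quote, including metacharacter-only values such as "&" or "|".
  return `"${escaped}"`;
}

// Build the script body. Delayed expansion is not enabled, so "!" stays literal.
function buildGatewayCmd(program: string, programArguments: string[]): string {
  const line = [program, ...programArguments].map(quoteCmdArg).join(" ");
  return `@echo off\r\n${line}\r\n`;
}

// Audit helper: true if a script line has a shell metacharacter outside double
// quotes. It checks separators and redirections only, not percent expansion.
function hasUnquotedMetachar(line: string): boolean {
  let inQuotes = false;
  for (let i = 0; i < line.length; i++) {
    const ch = line[i];
    if (ch === '"') {
      inQuotes = !inQuotes;
    } else if (!inQuotes && CMD_METACHARS.has(ch)) {
      return true;
    }
  }
  return false;
}

// Return the lines of a generated script that fail the audit check.
function auditScript(script: string): string[] {
  return script.split(/\r?\n/).filter((l) => hasUnquotedMetachar(l));
}

// Usage with constructed sample input: the same hostile-looking argument is
// rendered harmlessly by the builder, and an unquoted line is caught by the audit.
const hardened = buildGatewayCmd("C:\\openclaw\\gateway.exe", [
  "--log-level",
  "info",
  "50%",
  "&echo injected",
]);
console.log(hardened);
const unquoted = "@echo off\r\nC:\\openclaw\\gateway.exe --log-level info &echo injected\r\n";
console.log(auditScript(unquoted));
```

The refusal of CR/LF and double quotes is deliberate: a quoter that tries to escape them produces scripts whose behaviour depends on the exact cmd.exe parsing rules, whereas rejecting them at generation time fails closed and is easy to reason about.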
Remediation
Users can update to OpenClaw version 2026.2.19 or later, where this vulnerability has been patched.
