OpenClaw Lobster Extension Windows Shell Fallback Command Injection Vulnerability
Vulnerability
A command injection vulnerability has been identified in the OpenClaw application, specifically in the Windows shell fallback mechanism of the Lobster extension. It affects OpenClaw versions from 2026.1.21 up to, but not including, 2026.2.19. When spawning a tool process fails, the application falls back to running the command through the Windows shell, and tool-provided arguments are then subject to cmd.exe command interpretation instead of being passed to the tool unchanged. An attacker who controls workflow arguments can therefore inject arbitrary commands, which cmd.exe executes.
Impact
Exploitation of this vulnerability allows for command injection on Windows systems, where injected commands can be executed via cmd.exe.
Reproduction
To reproduce this vulnerability, run an affected OpenClaw version (2026.1.21 up to, but not including, 2026.2.19) on a Windows system. Create a Lobster tool whose process spawn fails with an error such as 'ENOENT' or 'EINVAL'; this failure activates the shell fallback mechanism. With the fallback engaged, inject commands through the tool's arguments. cmd.exe executes the injected commands, demonstrating the command injection vulnerability.
Remediation
Users can upgrade to OpenClaw version 2026.2.19 or later, where this vulnerability has been patched. Instructions for updating can be found in the OpenClaw documentation.
