OpenClaw Current Working Directory Injection Vulnerability in Windows ACPX Wrapper Resolution

Vulnerability

A current working directory injection vulnerability has been identified in OpenClaw versions 2026.2.26 prior to 2026.3.1 on Windows. This vulnerability arises during wrapper resolution for .cmd and .bat files, where improper fallback mechanisms allow remote attackers to manipulate the current working directory. By doing so, they can influence execution behavior and cause a loss of command execution integrity.

Impact

Exploitation of this vulnerability could lead to unauthorized command execution by manipulating the current working directory during the resolution of wrapper files.

Remediation

Users can upgrade to OpenClaw version 2026.3.1 or later to address this vulnerability.
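
One way to keep .cmd/.bat wrapper resolution independent of the current working directory, shown as an added example that is not OpenClaw's code or its actual fix. The function name `resolveWrapper`, its options, and the sample paths are assumptions constructed for illustration.

```javascript
// Added example (not OpenClaw code): resolve a bare command name to a
// fully qualified .cmd/.bat/.exe path without ever consulting the cwd.
const path = require('path').win32; // win32 rules, so this runs on any OS

function isFullyQualified(dir) {
  // 'C:\x' and '\\server\share\x' qualify; '.', 'bin', '\x' and 'C:x'
  // are all interpreted relative to the current directory or drive.
  return path.parse(dir).root.length >= 3;
}

function resolveWrapper(command, { pathVar, cwd, exists, pathExt = '.COM;.EXE;.BAT;.CMD' }) {
  // Only bare names are searched; anything with a separator or colon is refused.
  if (!command || /[\\/:]/.test(command) || command === '.' || command === '..') {
    throw new Error(`refusing non-bare command name: ${command}`);
  }
  const exts = path.extname(command) ? [''] : pathExt.split(';').filter(Boolean);
  const cwdKey = path.resolve(cwd).toLowerCase();
  for (const entry of pathVar.split(';')) {
    if (!entry || !isFullyQualified(entry)) continue; // cwd-dependent entry
    const dir = path.resolve(entry);
    if (dir.toLowerCase() === cwdKey) continue; // PATH entry that is the cwd itself
    for (const ext of exts) {
      const candidate = path.join(dir, command + ext);
      if (exists(candidate)) return candidate;
    }
  }
  return null; // fail closed: no fallback to a cwd-relative lookup
}

// Constructed sample data: a wrapper planted in the working directory and
// a legitimate one in an installation directory.
const sampleFiles = new Set([
  'c:\\work\\repo\\acpx.cmd',
  'c:\\program files\\nodejs\\acpx.cmd',
]);
const sampleOpts = {
  cwd: 'C:\\work\\repo',
  pathVar: '.;;C:\\work\\repo\\;bin;C:\\Program Files\\nodejs',
  exists: (p) => sampleFiles.has(p.toLowerCase()),
};

function demo() {
  return resolveWrapper('acpx', sampleOpts);
}
console.log(demo());
```

The caller should pass the returned absolute path to the process launcher directly and treat `null` as an error.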

Added: Mar 19, 2026, 2:20 AM
Updated: Mar 19, 2026, 2:20 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 6.2
remediation: 0.0
relevance: 4.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.