OpenClaw Command Injection Vulnerability in Lobster Tool Execution
Vulnerability
A command injection vulnerability has been identified in OpenClaw versions prior to 2026.2.19. The flaw is in the Lobster extension's tool execution: when a subprocess launch fails with an error indicating invalid arguments or a missing file, the tool falls back to relaunching the command through the Windows shell with 'shell: true'. Because the shell re-parses the arguments on that second attempt, shell metacharacters placed in command arguments are interpreted by the shell, enabling the execution of arbitrary commands.
Impact
Successful exploitation results in command injection: an attacker can execute arbitrary commands on the host running OpenClaw.
Reproduction
To reproduce this vulnerability, create a Lobster command-line shim that references a script but does not include an entry point. When the Lobster tool executes this shim on Windows, the launch fails with an 'EINVAL' or 'ENOENT' error, and the tool retries the execution with 'shell: true'; shell metacharacters in the command arguments are then interpreted by the shell. This can be automated with a test that simulates the injection and verifies whether the injected command was executed.
Remediation
Update to OpenClaw version 2026.2.19 or later, which patches this vulnerability.
