OpenClaw Command Injection Vulnerability in Systemd Unit File Generation Allowing Arbitrary Command Execution
Vulnerability
A command injection vulnerability has been identified in OpenClaw versions from 2026.2.19-2 up to, but not including, 2026.2.21. When OpenClaw generates the systemd unit file for its gateway service, the environment values it writes into 'Environment=' lines are not checked for carriage return or line feed characters. A value that contains a newline therefore terminates the 'Environment=' line early, and systemd parses whatever follows as a directive in its own right, so an attacker can add arbitrary directives such as 'ExecStartPre='. An attacker who can manipulate 'config.env.vars' and trigger a service installation or restart can execute commands with the privileges of the OpenClaw gateway service user.
Impact
Exploitation of this vulnerability allows for local arbitrary command execution under the OpenClaw gateway service user.
Reproduction
To reproduce, set a malicious value in the OpenClaw configuration under 'config.env.vars' that contains a newline followed by an injected directive, for example 'ExecStartPre=' and the command to run. Install or reinstall the OpenClaw gateway service; the generated unit file now carries the newline and the injected directive on its own line, which can be confirmed by inspecting the unit file before restarting anything. Reload the systemd user units and restart the OpenClaw gateway service. Finally, verify that the injected command ran by checking for its side effects, such as a marker file created under '/tmp'.
Remediation
Users should update to OpenClaw version 2026.2.21 or later, where this vulnerability has been patched. Until the update is applied, any principal able to modify 'config.env.vars' should be treated as able to run commands as the gateway service user.
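The Reproduction and Remediation sections above, as an added illustrative example that is not OpenClaw's own code: a minimal unit-file generator in Python with the flaw, the hardened variant that rejects CR, LF and NUL before rendering and quotes each assignment, and an audit check that flags unexpected directives in a generated unit. The function names, unit layout, paths and the sample 'config.env.vars' mapping are assumptions; the payload is constructed for the demonstration and would only create a marker file if the rendered unit were actually installed and started.

```python
import re

# Constructed sample of a config.env.vars mapping (not a real OpenClaw config).
# The second value carries the newline payload described in the advisory.
SAMPLE_ENV_VARS = {
    "OPENCLAW_HOME": "/var/lib/openclaw",
    "OPENCLAW_LOG_LEVEL": "info\nExecStartPre=/usr/bin/touch /tmp/openclaw-injected",
}

# Directive keys this illustrative generator legitimately emits in [Service].
EXPECTED_SERVICE_KEYS = {"Environment", "ExecStart"}

_UNIT_HEADER = ["[Unit]", "Description=OpenClaw gateway (illustrative unit)", "", "[Service]"]
_ENV_NAME = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


class UnsafeEnvValue(ValueError):
    """Raised by the hardened generator when a name or value cannot be written safely."""


def render_unit_vulnerable(env_vars):
    """Generator with the flaw: each value is interpolated verbatim, so a CR or LF in
    a value ends the Environment= line and systemd reads the remainder as a new
    directive. The flaw is deliberate here to show the effect."""
    lines = list(_UNIT_HEADER)
    for name, value in env_vars.items():
        lines.append(f"Environment={name}={value}")
    lines.append("ExecStart=/usr/bin/openclaw-gateway")
    return "\n".join(lines) + "\n"


def _quote_assignment(assignment):
    """Wrap NAME=VALUE in double quotes using systemd's C-style escapes for backslash
    and double quote, so the whole assignment is a single Environment= token."""
    escaped = assignment.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'


def render_unit_hardened(env_vars):
    """Hardened generator: reject names that are not valid identifiers and values that
    contain CR, LF or NUL before anything is written, then quote each assignment."""
    lines = list(_UNIT_HEADER)
    for name, value in env_vars.items():
        if not _ENV_NAME.match(name):
            raise UnsafeEnvValue(f"invalid environment variable name: {name!r}")
        if any(ch in value for ch in "\r\n\0"):
            raise UnsafeEnvValue(f"control character in value of {name}: {value!r}")
        lines.append(f"Environment={_quote_assignment(f'{name}={value}')}")
    lines.append("ExecStart=/usr/bin/openclaw-gateway")
    return "\n".join(lines) + "\n"


def hardened_rejects(env_vars):
    """True if the hardened generator refuses the given mapping."""
    try:
        render_unit_hardened(env_vars)
    except UnsafeEnvValue:
        return True
    return False


def unexpected_directives(unit_text):
    """Audit check for an already generated unit: return the [Service] directive keys
    that the generator never emits. A non-empty result means something broke out of
    an Environment= line (or the file was edited by hand)."""
    found = set()
    section = None
    for raw in unit_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "Service" and "=" in line:
            key = line.split("=", 1)[0].strip()
            if key not in EXPECTED_SERVICE_KEYS:
                found.add(key)
    return sorted(found)


if __name__ == "__main__":
    vulnerable = render_unit_vulnerable(SAMPLE_ENV_VARS)
    print(vulnerable)
    print("unexpected [Service] directives:", unexpected_directives(vulnerable))
    try:
        render_unit_hardened(SAMPLE_ENV_VARS)
    except UnsafeEnvValue as exc:
        print("hardened generator refused:", exc)
```

Refusing the value outright, as the hardened generator does, matches the fix described in the advisory; an escape-based approach would have to track systemd's quoting rules exactly, and a flat rejection of CR, LF and NUL is easier to reason about. The audit function is useful on its own against units already on disk: any [Service] key the installer does not emit is the tell-tale of a successful injection.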
