OpenClaw Current Working Directory Injection Vulnerability in Windows Wrapper Resolution

Vulnerability

A current working directory injection vulnerability has been identified in OpenClaw versions 2026.2.26 prior to 2026.3.1. It arises in the Windows wrapper resolution for .cmd and .bat files, where execution can fall back to the shell. Attackers can manipulate the current working directory to alter the wrapper resolution behavior, causing a loss of integrity in command execution.
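The defensive pattern for this class of issue, as an added example that is not OpenClaw's code or its actual fix: pin a .cmd/.bat wrapper to an absolute path taken only from fully qualified PATH entries, and fail closed instead of handing a bare name to the shell. The helper names, the injected `exists` callback and the result shape are hypothetical.

```javascript
// Added example, not OpenClaw code. Pins a .cmd/.bat wrapper to an absolute
// path taken from PATH, so the working directory cannot influence the result.
const { win32 } = require('node:path');

const WRAPPER_EXTS = ['.cmd', '.bat'];

// Fully qualified means drive-rooted (C:\...) or UNC; "\tools" and "C:tools"
// still depend on the process's current drive or directory.
function isFullyQualified(dir) {
  return win32.isAbsolute(dir) && win32.parse(dir).root.length >= 3;
}

// Hypothetical helper. `exists` is injected so the lookup can be tested
// offline; in real use pass a function that stats the candidate file.
function resolveWrapper(name, { pathEnv, cwd, exists }) {
  // Bare file names only: separators or a drive prefix would let the caller
  // (or untrusted input) steer the lookup.
  if (name === '' || /[\\/:]/.test(name)) {
    return { path: null, reason: 'not-a-bare-name', shadowedInCwd: false };
  }
  const hasExt = WRAPPER_EXTS.includes(win32.extname(name).toLowerCase());
  const fileNames = hasExt ? [name] : WRAPPER_EXTS.map((ext) => name + ext);

  // Detection signal: a same-named wrapper in the working directory is what
  // cmd.exe, which checks the current directory before PATH, would run.
  const shadowedInCwd = fileNames.some((f) => exists(win32.join(cwd, f)));

  // Trusted search list: fully qualified PATH entries only. ".", "" and
  // relative entries are dropped, and cwd is never added implicitly.
  const dirs = pathEnv.split(';').map((d) => d.trim()).filter(isFullyQualified);

  for (const dir of dirs) {
    for (const f of fileNames) {
      const candidate = win32.join(dir, f);
      if (exists(candidate)) return { path: candidate, reason: 'resolved', shadowedInCwd };
    }
  }
  // Fail closed: the caller must not hand the bare name to a shell.
  return { path: null, reason: 'not-found', shadowedInCwd };
}
```

A `shadowedInCwd` value of true is worth logging even when resolution succeeds, since it marks a working directory that contains a same-named wrapper.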

Impact

Exploitation of this vulnerability could lead to a loss of integrity in command execution, allowing unauthorized commands to be executed through manipulated wrapper resolutions.

Remediation

Users can upgrade to OpenClaw version 2026.3.1 or later, where this vulnerability has been patched.

Added: Mar 23, 2026, 10:22 PM
Updated: Mar 23, 2026, 10:22 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 2.9
remediation: 0.0
relevance: 4.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.