OpenClaw Windows Scheduled Task Generation Allows Unwanted Command Execution
GHSA-mqr9-vqhq-3jxw
Summary
A vulnerability in OpenClaw's Windows Scheduled Task script generation could allow an attacker to execute unwanted commands on a Windows system, if they have control over the values used to generate the script. To protect your system, update OpenClaw to version 2026.2.19 or later, which fixes this issue. If you're using an earlier version, consider replacing it with a more secure alternative or manually reviewing and securing any generated scripts.
What to do
- Update openclaw to version 2026.2.19.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.19 | 2026.2.19 |
Original title
OpenClaw Windows Scheduled Task script generation allowed local command injection via unsafe cmd argument handling
Original description
### Summary
OpenClaw Windows Scheduled Task script generation allowed unsafe argument handling in generated `gateway.cmd` files. In vulnerable versions, cmd metacharacter-only values could be emitted without safe quoting/escaping, which could lead to unintended command execution when the scheduled task runs.
### Details
The issue affected Windows daemon startup script generation in `src/daemon/schtasks.ts`.
Vulnerable behavior included:
- Incomplete cmd argument quoting for metacharacter-only values.
- Incomplete handling of cmd expansion-sensitive characters in script arguments.
- Missing CR/LF guards for script-rendered fields.
The fix hardens Windows script generation by:
- Separating schtasks argument quoting from batch script argument quoting.
- Quoting cmd metacharacter arguments and escaping `%` / `!` expansion cases.
- Rejecting CR/LF in command arguments, task descriptions, and rendered environment assignments.
- Adding regression tests for metacharacter and line-break injection paths.
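The batch-side hardening listed above, as an added example written for this page (it is not OpenClaw's own `src/daemon/schtasks.ts` code): a quoting helper for values rendered into a generated `gateway.cmd` that rejects CR/LF, quotes metacharacter-only values and escapes `%` / `!`. The delayed-expansion treatment of `!`, the rejection of embedded double quotes and the function names are this example's assumptions.

```typescript
// Added example, not OpenClaw's code: a hardened quoting helper for values
// rendered into a generated .cmd script, following the fixes the advisory lists.
export class BatchRenderError extends Error {}

// Characters cmd.exe treats specially on a batch line; any match forces
// quoting, so metacharacter-only values such as "&" are quoted too.
const CMD_META = /[\s&|<>^()@"'`,;=!%]/;

// Escape batch-time expansion: % is expanded even inside quotes, so it becomes
// %%; ! (and ^ when ! is present) is escaped for scripts that enable delayed
// expansion (an assumption of this example).
function escapeExpansion(value: string): string {
  let out = value.replace(/%/g, "%%");
  if (out.includes("!")) {
    out = out.replace(/\^/g, "^^").replace(/!/g, "^!");
  }
  return out;
}

// A CR or LF would end the batch line and let the rest of the value run as a
// separate command, so it is rejected rather than escaped.
function rejectLineBreaks(value: string, what: string): void {
  if (/[\r\n]/.test(value)) {
    throw new BatchRenderError(`${what} must not contain CR/LF`);
  }
}

// Quote one argument for a batch script line. Kept separate from schtasks /TR
// quoting, which follows different rules. Embedded double quotes have no single
// escape that satisfies both cmd and the CRT argv parser, so they are rejected.
export function quoteBatchArgument(value: string): string {
  rejectLineBreaks(value, "command argument");
  if (value.includes('"')) {
    throw new BatchRenderError("command argument must not contain double quotes");
  }
  const escaped = escapeExpansion(value);
  return value === "" || CMD_META.test(value) ? `"${escaped}"` : escaped;
}

// Render `set "NAME=value"` for the generated script: validate the name, then
// apply the same line-break guard and expansion escaping to the value.
export function renderEnvAssignment(name: string, value: string): string {
  if (!/^[A-Za-z_][A-Za-z0-9_]*$/.test(name)) {
    throw new BatchRenderError(`invalid environment variable name: ${name}`);
  }
  rejectLineBreaks(value, "environment value");
  if (value.includes('"')) {
    throw new BatchRenderError("environment value must not contain double quotes");
  }
  return `set "${name}=${escapeExpansion(value)}"`;
}
```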
### Impact
This issue is local to Windows deployments and requires control over values that feed service script generation (for example install-time/runtime arguments or environment-derived values). It can result in unintended command execution in the scheduled task context.
### Affected Packages / Versions
- Package: `openclaw` (npm)
- Vulnerable versions: `<= 2026.2.17`
- Patched version: `>= 2026.2.19` (planned next npm release)
- Latest published npm version at update time (2026-02-19): `2026.2.17`
### Fix Commit(s)
- `280c6b117b2f0e24f398e5219048cd4cc3b82396`
OpenClaw thanks @tdjackey for reporting.
CVSS 4.0 score (GHSA): 8.5
Vulnerability type
CWE-116
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026