CVSS 4.0 score: 8.6

OpenClaw Windows Lobster Tool Allows Malicious Code Execution

GHSA-7fcc-cw49-xm78
Summary

A security flaw in OpenClaw's Lobster tool on Windows allows an attacker to inject malicious commands, potentially leading to data breaches or system compromise. Affected users should update to OpenClaw 2026.2.19 or later, where the issue has been patched.

What to do
  • Update openclaw to version 2026.2.19.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | openclaw | <= 2026.2.19 | 2026.2.19 |
Original title
OpenClaw has command injection via Windows shell fallback in Lobster tool execution
Original description
## Summary

The Lobster extension tool execution path used a Windows shell fallback (`shell: true`) after spawn failures (`EINVAL`/`ENOENT`). In that fallback path, shell metacharacters in command arguments can be interpreted by the shell, enabling command injection.

## Affected Packages / Versions

- Package: `openclaw` (npm)
- Affected versions: `<= 2026.2.17`
- Latest confirmed affected published version: `2026.2.17`
- Patched version: `2026.2.19`

## Technical Details

In affected releases (including `v2026.2.17`), `extensions/lobster/src/lobster-tool.ts` retried subprocess launch with `shell: true` on Windows for `EINVAL`/`ENOENT` spawn errors. The fix removes shell fallback and resolves Windows wrappers to explicit executable/script argv execution.
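The following TypeScript is an added illustration, not OpenClaw's code: it models the vulnerable retry described above (spawn fails with `EINVAL`/`ENOENT`, so the launch is retried through the shell) next to a hardened launcher that never uses a shell and instead resolves a `.cmd`/`.bat` wrapper to an explicit interpreter-plus-script argv. The wrapper table, file names and the `x & echo injected` argument are constructed for the example.

```typescript
type Plan = { file: string; args: string[]; shell: boolean };

// Characters that cmd.exe interprets when a command line is parsed.
const CMD_META = /[&|<>^%!"\r\n]/;

// Model of what Node does with `shell: true` on Windows: the command and its
// arguments are joined into ONE string and handed to cmd.exe /d /s /c, so a
// metacharacter inside an argument becomes part of the command line.
function windowsShellPlan(file: string, args: string[]): Plan {
  const command = [file, ...args].join(" ");
  return { file: "cmd.exe", args: ["/d", "/s", "/c", `"${command}"`], shell: true };
}

// VULNERABLE pattern (the behaviour the advisory describes): the direct spawn
// failed with EINVAL/ENOENT, so the launch is retried through the shell,
// carrying untrusted arguments into the shell command line.
function vulnerableRetryPlan(file: string, args: string[], spawnErrorCode: string): Plan | null {
  if (spawnErrorCode === "EINVAL" || spawnErrorCode === "ENOENT") {
    return windowsShellPlan(file, args);
  }
  return null;
}

// Detection helper: would any argument be reinterpreted by cmd.exe?
function hasCmdMetachars(args: string[]): boolean {
  return args.some((a) => CMD_META.test(a));
}

// HARDENED pattern: no shell fallback at all. A .cmd/.bat wrapper is resolved
// to the interpreter and script it wraps, so each argument stays a single argv
// entry. The `wrappers` map is a constructed stand-in for however a real
// launcher learns that mapping (known install layout, reading the wrapper, ...).
type Wrapper = { interpreter: string; script: string };

function hardenedPlan(file: string, args: string[], wrappers: Record<string, Wrapper>): Plan {
  const key = file.toLowerCase();
  if (key.endsWith(".cmd") || key.endsWith(".bat")) {
    const w = wrappers[key];
    if (!w) throw new Error(`refusing to launch wrapper ${file} through a shell`);
    return { file: w.interpreter, args: [w.script, ...args], shell: false };
  }
  return { file, args: [...args], shell: false };
}

// Constructed sample input: a benign-looking argument that contains a metacharacter.
const sampleArgs = ["run", "x & echo injected"];
const vulnerable = vulnerableRetryPlan("lobster.cmd", sampleArgs, "EINVAL");
const hardened = hardenedPlan("C:\\Tools\\lobster.cmd", sampleArgs, {
  "c:\\tools\\lobster.cmd": { interpreter: "node.exe", script: "C:\\Tools\\lobster.js" },
});
console.log("vulnerable command line:", vulnerable?.args[3]);
console.log("hardened argv:", hardened.args);
```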

## Fix Commit(s)

- `ba7be018da354ea9f803ed356d20464df0437916`

OpenClaw thanks @allsmog for reporting.
Source: ghsa · CVSS 4.0 score: 8.6
Vulnerability type
CWE-78 OS Command Injection
Published: 3 Mar 2026 · Updated: 7 Mar 2026 · First seen: 6 Mar 2026