CVE-2026-22176 in OpenClaw

Summary

by MITRE • 03/19/2026

OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers can inject arbitrary commands through environment variable values containing metacharacters like &, |, ^, %, or ! to achieve command execution when the scheduled task script is generated and executed.


Analysis

by VulDB Data Team • 03/23/2026

The vulnerability identified as CVE-2026-22176 represents a critical command injection flaw within OpenClaw versions before 2026.2.19 that specifically targets the Windows Scheduled Task script generation mechanism. This issue arises from improper handling of environment variable assignments within the gateway.cmd script generation process, creating a pathway for malicious command execution that directly impacts system security and operational integrity.

The technical flaw stems from the implementation of unquoted environment variable assignments in the form of set KEY=VALUE within the scheduled task generation logic. When environment variable values contain shell metacharacters such as ampersand &, pipe |, caret ^, percent %, or exclamation mark !, these characters can escape the intended assignment context and execute arbitrary commands within the shell environment. This occurs because the system fails to properly sanitize or quote environment variable values before incorporating them into the command script, creating a classic command injection vulnerability that aligns with CWE-78 and CWE-88 standards.

The operational impact of this vulnerability extends beyond simple command execution, as it allows attackers to manipulate scheduled tasks that are automatically generated and executed by the system. When the gateway.cmd script is created and subsequently run, any maliciously crafted environment variable values can result in unauthorized command execution with the privileges of the scheduled task context. This represents a significant risk to system availability and data integrity, particularly in environments where scheduled tasks are used for critical system operations or automated maintenance functions.

This vulnerability demonstrates characteristics consistent with ATT&CK technique T1059.001 for command and scripting interpreter, specifically targeting Windows Command Shell execution pathways. The attack vector leverages the legitimate scheduled task functionality to execute malicious payloads, making detection more challenging as the commands appear to originate from normal system processes. Organizations utilizing OpenClaw in production environments face potential compromise through this vulnerability, as it can enable attackers to establish persistent access or escalate privileges through the execution of malicious commands within the scheduled task context.

The recommended mitigation strategy involves immediate upgrade to OpenClaw version 2026.2.19 or later, which addresses this vulnerability through proper environment variable sanitization and quoting mechanisms. Additionally, organizations should implement input validation for environment variables within scheduled task generation processes, apply least privilege principles to scheduled task execution contexts, and monitor scheduled task execution logs for anomalous command patterns. System administrators should also consider implementing runtime application self-protection measures and regular security assessments to identify potential exploitation attempts.

Responsible

VulnCheck

Reservation

01/06/2026

Disclosure

03/19/2026

Moderation

accepted

CPE

ready

EPSS

0.00053

KEV

no

Activities

very low

Sources
