CVE-2026-31995 in OpenClaw

Summary

by MITRE • 03/19/2026

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true, attackers can exploit cmd.exe command interpretation to execute malicious commands by controlling workflow arguments.


Analysis

by VulDB Data Team • 03/23/2026

The vulnerability identified as CVE-2026-31995 resides within the OpenClaw software ecosystem, specifically affecting versions prior to 2026.2.19 of the Lobster extension. It is a critical command injection flaw in a Windows shell fallback mechanism, which gives malicious actors a pathway to execute arbitrary code on affected systems. The vulnerability manifests when tool execution fails: the failure triggers an automatic fallback to a shell execution path that runs with the shell: true option, exposing the underlying system to exploitation.

The vulnerability stems from insufficient input validation and sanitization in the Lobster extension's argument processing pipeline. When workflow arguments are passed to the system and the subsequent tool execution fails, the fallback mechanism activates and invokes cmd.exe directly to run the command. This design flaw lets attackers craft input parameters so that malicious commands are embedded in the argument strings, which the Windows command shell then interprets. The vulnerability maps to CWE-77, command injection through untrusted input, and aligns with ATT&CK technique T1059.003, Windows Command Shell execution.

The operational impact of this vulnerability extends beyond simple code execution, as it provides attackers with elevated privileges and potential persistence mechanisms within the affected environment. An attacker who successfully exploits this vulnerability can execute commands with the privileges of the user account running the OpenClaw service, potentially leading to complete system compromise. The vulnerability affects organizations using OpenClaw versions within the specified range, particularly those with Windows-based infrastructure where the Lobster extension is deployed, creating widespread exposure across various industries that rely on this software stack.

Mitigation strategies for CVE-2026-31995 should prioritize immediate patching of affected systems to version 2026.2.19 or later, which contains the fix for the command injection vulnerability. Organizations should also implement input validation at the application level to sanitize all user-provided arguments before the system processes them. Network segmentation and access controls should limit the blast radius of exploitation, and monitoring solutions should be deployed to detect anomalous command execution patterns. Additionally, system administrators should disable unnecessary shell fallback mechanisms and apply least-privilege configurations to minimize the impact of exploitation attempts. The vulnerability demonstrates the importance of proper input sanitization and the danger of executing user-provided commands through shell mechanisms without adequate validation.

Responsible: VulnCheck

Reservation: 03/10/2026

Disclosure: 03/19/2026

Moderation: accepted

CPE: ready

EPSS: 0.00039

KEV: no

Activities: very low

Sources
