CVE-2026-22176
Published: 19 March 2026
Summary
CVE-2026-22176 is a medium-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Scheduled Task (T1053.005); ranked at the 18.9th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Requires timely identification, reporting, and correction of the command injection flaw in OpenClaw via patching to version 2026.2.19 or later.
Mandates validation of environment variable inputs at script generation points to reject or sanitize shell metacharacters like &, |, ^, %, or !.
Filters output written to gateway.cmd to escape or block metacharacters that could enable command injection breakout.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Command injection into .cmd scheduled task script enables arbitrary Windows command execution (T1059.003) via abused scheduled task (T1053.005).
NVD Description
OpenClaw versions prior to 2026.2.19 contain a command injection vulnerability in Windows Scheduled Task script generation where environment variables are written to gateway.cmd using unquoted set KEY=VALUE assignments, allowing shell metacharacters to break out of assignment context. Attackers can inject…
more
arbitrary commands through environment variable values containing metacharacters like &, |, ^, %, or ! to achieve command execution when the scheduled task script is generated and executed.
Deeper analysisAI
OpenClaw versions prior to 2026.2.19 are affected by CVE-2026-22176, a command injection vulnerability (CWE-78) in the Windows Scheduled Task script generation process. The issue arises when environment variables are written to the gateway.cmd file using unquoted set KEY=VALUE assignments, which allows shell metacharacters to break out of the assignment context. This flaw enables attackers to inject arbitrary commands through environment variable values containing metacharacters such as &, |, ^, %, or !. The vulnerability has a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L), indicating medium severity with local attack vector, low attack complexity, and low privileges required.
A local attacker with low privileges can exploit this vulnerability by setting environment variables with specially crafted values that include shell metacharacters. When OpenClaw generates and executes the gateway.cmd scheduled task script, the injected commands execute in the context of the process, potentially allowing arbitrary command execution on the Windows system. This can lead to high integrity impact, such as modifying files or configurations, and low availability impact, without compromising confidentiality.
Advisories and the associated patch recommend upgrading to OpenClaw version 2026.2.19 or later, where the fix is implemented in GitHub commit dafe52e8cf1a041d898cfb304a485fa05e5f58fb. The GitHub security advisory (GHSA-pj5x-38rw-6fph) and VulnCheck advisory detail the issue and mitigation steps, emphasizing proper quoting of environment variables in script generation to prevent command injection.
Details
- CWE(s)