Cyber Resilience

CVE-2026-31994

MediumPublic PoC

Published: 19 March 2026

Published
19 March 2026
Modified
19 March 2026
KEV Added
Patch
CVSS Score v4 6.9 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0005 17.1th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-31994 is a medium-severity OS Command Injection (CWE-78) vulnerability in Openclaw Openclaw. Its CVSS base score is 6.9 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Scheduled Task (T1053.005); ranked at the 17.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2026-31994, published on 2026-03-19, is a local command injection vulnerability (CWE-78) in OpenClaw versions prior to 2026.2.19. The flaw occurs during Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files, enabling injection of arbitrary commands.

Local attackers with low privileges (PR:L) and access to the system (AV:L) who can control service script generation arguments are able to exploit the vulnerability. By supplying metacharacter-only values or CR/LF sequences, they can execute unintended code within the scheduled task context, resulting in high integrity (I:H) and availability (A:H) impacts but no confidentiality loss (CVSS 7.1, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H).

Advisories recommend upgrading to OpenClaw 2026.2.19 or later, where the issue is fixed via commit 280c6b117b2f0e24f398e5219048cd4cc3b82396. Further details on the vulnerability and mitigation are available in the GitHub security advisory at GHSA-mqr9-vqhq-3jxw and the VulnCheck advisory.

EU & UK References

Vulnerability details

OpenClaw versions prior to 2026.2.19 contain a local command injection vulnerability in Windows scheduled task script generation due to unsafe handling of cmd metacharacters and expansion-sensitive characters in gateway.cmd files. Local attackers with control over service script generation arguments can…

more

inject arbitrary commands by providing metacharacter-only values or CR/LF sequences that execute unintended code in the scheduled task context.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1053.005 Scheduled Task Execution
Adversaries may abuse the Windows Task Scheduler to perform task scheduling for initial or recurring execution of malicious code.
T1059.003 Windows Command Shell Execution
Adversaries may abuse the Windows command shell for execution.
T1068 Exploitation for Privilege Escalation Privilege Escalation
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Why these techniques?

Local command injection in scheduled task script generation (cmd metacharacters) directly enables malicious scheduled task execution (T1053.005) with Windows command shell (T1059.003) and facilitates local privilege escalation (T1068) due to PR:L to I:H impact.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-22176Same product: Openclaw Openclaw
CVE-2026-32000Same product: Openclaw Openclaw
CVE-2026-28391Same product: Openclaw Openclaw
CVE-2026-31999Same product: Openclaw Openclaw
CVE-2026-28460Same product: Openclaw Openclaw
CVE-2026-32034Same product: Openclaw Openclaw
CVE-2026-32010Same product: Openclaw Openclaw
CVE-2026-27566Same product: Openclaw Openclaw
CVE-2026-31996Same product: Openclaw Openclaw
CVE-2026-28470Same product: Openclaw Openclaw

Affected Assets

openclaw
openclaw
≤ 2026.2.19

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the CVE by requiring timely flaw remediation through upgrading OpenClaw to version 2026.2.19 or later, fixing the unsafe handling of cmd metacharacters in gateway.cmd generation.

prevent

Prevents command injection by enforcing validation of service script generation arguments to reject metacharacters, CR/LF sequences, and expansion-sensitive characters before use in scheduled task scripts.

prevent

Mitigates impact of injected commands by applying least privilege to users and processes controlling script generation arguments and executing scheduled tasks.

References