Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L
Lifecycle Timeline
4DescriptionCVE.org
OpenClaw versions 2026.2.26 before 2026.3.1 contain a current working directory injection vulnerability in Windows wrapper resolution for .cmd/.bat files that allows shell execution fallback. Attackers can manipulate the current working directory to alter wrapper resolution behavior and achieve command execution integrity loss.
AnalysisAI
OpenClaw versions 2026.2.26 through 2026.3.0 contain a current working directory (CWD) injection vulnerability in the Windows wrapper resolution mechanism for .cmd and .bat files, allowing attackers with local access to manipulate CWD and achieve command execution with integrity compromise. An attacker with local privileges can alter the working directory to inject malicious wrapper scripts that execute instead of legitimate ones, bypassing command execution controls. The vulnerability requires local access and moderate complexity but enables high-integrity impact; no active KEV or widespread exploitation has been reported, but proof-of-concept details are documented in vendor security advisories.
Technical ContextAI
The vulnerability exists in OpenClaw's Windows shell wrapper resolution logic for batch and command files (.cmd/.bat). When OpenClaw resolves wrapper scripts on Windows, it searches the current working directory as part of its path resolution mechanism, consistent with CWE-426 (Untrusted Search Path). By manipulating the CWD before invoking OpenClaw operations, an attacker can place a malicious .cmd or .bat file in a predictable location that OpenClaw will execute instead of the legitimate system wrapper. This is a classic DLL/executable search-path hijacking pattern applied to batch script resolution. The affected product range spans OpenClaw versions before 2026.3.1 (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*), with confirmed vulnerability in 2026.2.26 and later versions up to 2026.3.0.
RemediationAI
Upgrade OpenClaw to version 2026.3.1 or later immediately, as the patch directly addresses CWD injection in wrapper resolution. For environments unable to patch immediately, restrict local user execution contexts and enforce strict working directory controls via Windows Group Policy (e.g., disable execution from user-writable directories, enforce AppLocker policies on .cmd/.bat execution, or run OpenClaw under a dedicated service account with minimal directory write permissions). Additionally, audit systems where untrusted local users can manipulate working directories before invoking OpenClaw operations. See vendor advisories at https://github.com/openclaw/openclaw/security/advisories/GHSA-6f6j-wx9w-ff4j for patch availability and detailed remediation guidance.
Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX
Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by
The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system co
Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in
A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation pr
Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilR
Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables
Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker
Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API b
An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote
FreeFloat FTP Server contains multiple critical design flaws that allow unauthenticated remote attackers to upload arbit
Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/actio
Same weakness CWE-426 – Untrusted Search Path
View allSame technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-14597
GHSA-7j7f-88p8-wh55