Is Command Injection affected by EUVD-2026-14590?

OpenClaw versions 2026.1.21 through 2026.2.18 contain a command injection vulnerability that allows authenticated users with low privilege levels to execute arbitrary commands on affected systems.

EUVD-2026-14590

| CVE-2026-32908 HIGH

2026-03-23 VulnCheck

GHSA-q528-m8hg-cjmr

7.0

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 23, 2026 - 22:00 euvd

EUVD-2026-14590

Analysis Generated

Mar 23, 2026 - 22:00 vuln.today

Patch Released

Mar 23, 2026 - 22:00 nvd

Patch available

CVE Published

Mar 23, 2026 - 21:36 nvd

HIGH 7.0

Description

OpenClaw 2026.1.21 before 2026.2.19 contains a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows local operators to execute arbitrary commands. When spawn failures trigger shell fallback with shell: true, tool-provided arguments are interpreted by cmd.exe, enabling command injection through workflow-controlled parameters.

Analysis

OpenClaw 2026.1.21 through 2026.2.18 contains a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism. Local authenticated users with low privileges can execute arbitrary commands when spawn failures trigger shell fallback with cmd.exe, exploiting workflow-controlled parameters. …

Remediation

Within 24 hours: Identify all systems running OpenClaw versions 2026.1.21 through 2026.2.18 and assess their criticality level. Within 7 days: Apply the available vendor patch to all non-production instances and conduct testing in a staging environment. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +35

POC: 0

EUVD-2026-14590 vulnerability details – vuln.today

Back

EUVD-2026-14590

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

EUVD-2026-14590

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code