Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2026-31995

OpenClaw versions 2026.1.21 prior to 2026.2.19 contain a command injection vulnerability in the Lobster extension's Windows shell fallback mechanism that allows attackers to inject arbitrary commands through tool-provided arguments. When spawn failures trigger shell fallback with shell: true, attackers can exploit cmd.exe command interpretation to execute malicious commands by controlling workflow arguments.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.8%
CVSS Severity
CVSS v3 Score 5.3
Products affected by CVE-2026-31995
  • Openclaw » Openclaw » Version: 2026.1.21
    cpe:2.3:a:openclaw:openclaw:2026.1.21
  • Openclaw » Openclaw » Version: 2026.1.22
    cpe:2.3:a:openclaw:openclaw:2026.1.22
  • Openclaw » Openclaw » Version: 2026.1.23
    cpe:2.3:a:openclaw:openclaw:2026.1.23
  • Openclaw » Openclaw » Version: 2026.1.24
    cpe:2.3:a:openclaw:openclaw:2026.1.24
  • Openclaw » Openclaw » Version: 2026.1.24-1
    cpe:2.3:a:openclaw:openclaw:2026.1.24-1
  • Openclaw » Openclaw » Version: 2026.1.29
    cpe:2.3:a:openclaw:openclaw:2026.1.29
  • Openclaw » Openclaw » Version: 2026.1.30
    cpe:2.3:a:openclaw:openclaw:2026.1.30
  • Openclaw » Openclaw » Version: 2026.2.1
    cpe:2.3:a:openclaw:openclaw:2026.2.1
  • Openclaw » Openclaw » Version: 2026.2.12
    cpe:2.3:a:openclaw:openclaw:2026.2.12
  • Openclaw » Openclaw » Version: 2026.2.13
    cpe:2.3:a:openclaw:openclaw:2026.2.13
  • Openclaw » Openclaw » Version: 2026.2.14
    cpe:2.3:a:openclaw:openclaw:2026.2.14
  • Openclaw » Openclaw » Version: 2026.2.15
    cpe:2.3:a:openclaw:openclaw:2026.2.15
  • Openclaw » Openclaw » Version: 2026.2.17
    cpe:2.3:a:openclaw:openclaw:2026.2.17
  • Openclaw » Openclaw » Version: 2026.2.2
    cpe:2.3:a:openclaw:openclaw:2026.2.2
  • Openclaw » Openclaw » Version: 2026.2.3
    cpe:2.3:a:openclaw:openclaw:2026.2.3
  • Openclaw » Openclaw » Version: 2026.2.6
    cpe:2.3:a:openclaw:openclaw:2026.2.6
  • Openclaw » Openclaw » Version: 2026.2.6-1
    cpe:2.3:a:openclaw:openclaw:2026.2.6-1
  • Openclaw » Openclaw » Version: 2026.2.6-2
    cpe:2.3:a:openclaw:openclaw:2026.2.6-2
  • Openclaw » Openclaw » Version: 2026.2.6-3
    cpe:2.3:a:openclaw:openclaw:2026.2.6-3
  • Openclaw » Openclaw » Version: 2026.2.9
    cpe:2.3:a:openclaw:openclaw:2026.2.9
  • Microsoft » Windows » Version: N/A
    cpe:2.3:o:microsoft:windows:-


Products
Pricing
Contact Us

Shodan ® - All rights reserved