CVE Reports

Posted on • Originally published at cvereports.com

GHSA-FG3M-VHRR-8GJ6: Critical Command Injection in OpenClaw Lobster Extension via Windows Shell Fallback

Vulnerability ID: GHSA-FG3M-VHRR-8GJ6
CVSS Score: 9.9
Published: 2026-03-03

A critical OS command injection vulnerability exists in the OpenClaw "Lobster" extension when deployed on Windows systems. The vulnerability stems from an insecure fallback mechanism in the process execution logic. When the application fails to spawn the Lobster CLI tool directly (a common occurrence with Windows .cmd shims), it retries the operation using a system shell (shell: true). This fallback path does not properly sanitize user-controlled arguments, allowing authenticated attackers to inject arbitrary shell metacharacters and execute commands with the privileges of the host process. The flaw carries a CVSS score of 9.9, indicating critical impact across confidentiality, integrity, and availability.

TL;DR

OpenClaw's Lobster extension on Windows contains a critical command injection flaw. If the application fails to execute the Lobster tool directly, it unsafely falls back to executing via cmd.exe. Attackers can exploit this by injecting shell commands into tool arguments, achieving remote code execution.


⚠️ Exploit Status: POC

Technical Details

  • CWE ID: CWE-78
  • Attack Vector: Network
  • CVSS v3.1: 9.9 (Critical)
  • Platform: Windows
  • Privileges Required: Low (Authenticated User)
  • Impact: Remote Code Execution

Affected Systems

  • OpenClaw on Windows
  • OpenClaw: < 2026.2.23-beta.1 (Fixed in: 2026.2.23-beta.1)

Code Analysis

Commit: ba7be01

Remove shell fallback and implement secure Windows spawn resolution

Mitigation Strategies

  • Eliminate the use of shell: true in child_process.spawn calls.
  • Implement robust resolution for Windows shim scripts (.cmd/.bat) manually.
  • Sanitize all user inputs used in process generation, though passing arguments as a structured argv array is preferable to sanitizing a command string.

Remediation Steps:

  1. Update the OpenClaw package to version 2026.2.23-beta.1 or later.
  2. Verify the installation by checking the version number.
  3. Restart the OpenClaw service to ensure the new code is loaded.
  4. Audit logs for suspicious command execution patterns (e.g., cmd.exe spawning unusual children).
