EUVD-2026-14588

OpenClaw before 2026.2.19 contains a local command injection vulnerability in Windows scheduled task script generation that allows attackers to execute arbitrary commands by injecting cmd metacharacters into unsafe gateway.cmd arguments. Attackers with control over service script generation value...

CVE-2026-32907

OpenClaw is affected by CVE-2026-32907 in versions prior to 2026.2.19. A local command-injection flaw exists in Windows scheduled task script generation, allowing an attacker who can influence service script generation values to inject unescaped cmd metacharacters into gateway.cmd arguments and a...