A vulnerability has been found in OpenClaw up to 2026.2.18 and classified as critical . Affected is an unknown function of the component Windows Scheduled Task Script Generation . Performing a manipulation results in os command injection. This vulnerability is cataloged as CVE-2026-31994 . The attack must be initiated from a local position. There is no exploit available. The affected component should be upgraded.