Unrated severity · NVD Advisory · Published Mar 29, 2026 · Updated Mar 30, 2026
OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization
CVE-2026-32973
Description
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability: matchesExecAllowlistPattern improperly normalizes patterns by lowercasing them and applies glob matching that overmatches on POSIX paths. Because the ? wildcard is allowed to match across path segments, a command or path the operator never intended to allowlist can satisfy a pattern and be executed.
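To make the two defects concrete, here is an added illustration (not OpenClaw's code; the patterns and paths are constructed) of a naive allowlist matcher that lowercases both sides and lets ? and * cross a / separator, beside a hardened matcher that keeps case, confines wildcards to a single path segment, and rejects candidate paths that are not already normalized:

```javascript
// Added illustration for CVE-2026-32973 (not OpenClaw's code).
// Pattern and path values used in the demo below are constructed.
const escapeRegex = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Naive matcher: case-folds both sides and translates '?' -> '.' and
// '*' -> '.*', so a wildcard can match a '/' and the pattern overmatches
// on case-sensitive POSIX paths.
function matchesNaive(pattern, path) {
  const re = "^" + pattern.toLowerCase().split("").map((ch) => {
    if (ch === "*") return ".*";
    if (ch === "?") return ".";
    return escapeRegex(ch);
  }).join("") + "$";
  return new RegExp(re).test(path.toLowerCase());
}

// Hardened matcher: no case folding, '?' -> '[^/]' and '*' -> '[^/]*' so
// wildcards never cross a segment boundary, and the candidate must be an
// absolute path with no empty, '.' or '..' segments, so path normalization
// tricks cannot be used to reach something outside the allowlisted name.
function matchesHardened(pattern, path) {
  const segs = path.split("/").slice(1); // drop the empty segment before the leading '/'
  if (!path.startsWith("/") || segs.some((s) => s === "" || s === "." || s === "..")) {
    return false;
  }
  const re = "^" + pattern.split("").map((ch) => {
    if (ch === "*") return "[^/]*";
    if (ch === "?") return "[^/]";
    return escapeRegex(ch);
  }).join("") + "$";
  return new RegExp(re).test(path);
}

// Demo: the operator allowlists lsb?release (lsb_release or lsb-release);
// the naive matcher also accepts a sibling directory and a different-case file.
const cases = [
  ["/usr/bin/lsb?release", "/usr/bin/lsb_release"],   // intended
  ["/usr/bin/lsb?release", "/usr/bin/lsb/release"],   // '?' crossing '/'
  ["/usr/bin/lsb?release", "/usr/bin/LSB_RELEASE"],   // case-folding overmatch
  ["/opt/app/bin/*", "/opt/app/bin/../../../bin/sh"], // '*' crossing '/'
];
for (const [pat, p] of cases) {
  console.log(pat, p, "naive:", matchesNaive(pat, p), "hardened:", matchesHardened(pat, p));
}
```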
Affected products: 1
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References: 2
- github.com/openclaw/openclaw/security/advisories/GHSA-f8r2-vg7x-gh8m (MITRE; third-party advisory)
- www.vulncheck.com/advisories/openclaw-exec-allowlist-pattern-overmatch-via-posix-path-normalization (MITRE; third-party advisory)
News mentions: 0
No linked articles in our index yet.