Unrated severity. NVD Advisory. Published Mar 29, 2026. Updated Mar 30, 2026.
OpenClaw < 2026.3.11 - Exec Allowlist Pattern Overmatch via POSIX Path Normalization
CVE-2026-32973
Description
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability: matchesExecAllowlistPattern normalizes patterns by lowercasing them and then applies glob matching that overmatches on POSIX paths. Because the ? wildcard matches across path segments, attackers can execute commands or paths that operators did not intend to allow.
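As an added illustration, not OpenClaw's code (the paths are constructed and the function names are hypothetical), the matcher below contrasts the normalization the description attributes to matchesExecAllowlistPattern with a segment-aware, case-preserving one; it also shows that a `*` crossing a separator has the same effect as a `?` crossing one.

```javascript
// Illustrative allowlist matcher, NOT OpenClaw's code: contrasts the
// "naive" normalization the advisory describes (lowercase the pattern,
// let ? and * match any character, including '/') with a segment-aware,
// case-preserving matcher suited to POSIX paths.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Translate a shell-style glob into an anchored RegExp.
// segmentAware=false: '?' -> '.', '*' -> '.*', case-insensitive.
// segmentAware=true : wildcards never cross '/', case-sensitive.
function globToRegExp(pattern, segmentAware) {
  let src = "^";
  for (const ch of pattern) {
    if (ch === "*") src += segmentAware ? "[^/]*" : ".*";
    else if (ch === "?") src += segmentAware ? "[^/]" : ".";
    else src += escapeRegex(ch);
  }
  return new RegExp(src + "$", segmentAware ? "" : "i");
}

// The overmatching behaviour: lowercases both sides, wildcards span '/'.
function naiveMatch(pattern, candidate) {
  return globToRegExp(pattern.toLowerCase(), false).test(candidate.toLowerCase());
}

// The hardened form: compare case-sensitively, stop wildcards at '/'.
function strictMatch(pattern, candidate) {
  return globToRegExp(pattern, true).test(candidate);
}

// Constructed cases. Each [pattern, candidate] pair is accepted by the
// naive matcher but correctly rejected by the strict one.
const OVERMATCH_CASES = [
  ["/opt/tools/run?.sh", "/opt/tools/run/.sh"],    // '?' matched the separator
  ["/usr/local/bin/*", "/usr/local/bin/sub/tool"], // '*' crossed into a subdirectory
  ["/usr/bin/ls", "/usr/bin/LS"],                  // different file on a case-sensitive FS
];

// Returns the pairs where the two matchers disagree, i.e. the overmatches.
function findOvermatches(cases) {
  return cases.filter(([p, c]) => naiveMatch(p, c) && !strictMatch(p, c));
}

console.log(findOvermatches(OVERMATCH_CASES).length, "overmatch(es) found");
```

The strict matcher still accepts the intended single-segment candidates (for example `/opt/tools/run2.sh` against `/opt/tools/run?.sh`), so the fix narrows the allowlist without breaking its purpose.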
References
- github.com/openclaw/openclaw/security/advisories/GHSA-f8r2-vg7x-gh8m (mitre, third-party advisory)
- www.vulncheck.com/advisories/openclaw-exec-allowlist-pattern-overmatch-via-posix-path-normalization (mitre, third-party advisory)