CVE-2026-32973

CRITICAL

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.

CVSS v3.1 Score

9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Complexity
LOW
Privileges
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Published: 3/29/2026Modified: 3/30/2026

Related Intelligence (1)

CRITICALVulnerability

NVD CRITICAL: CVE-2026-32973 — OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where ...

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.

CVE-2026-32973
NIST NVD

References (2)

https://github.com/openclaw/openclaw/security/advisories/GHSA-f8r2-vg7x-gh8mVendor Advisoryhttps://www.vulncheck.com/advisories/openclaw-exec-allowlist-pattern-overmatch-via-posix-path-normalizationThird Party Advisory