Tag

Allowlist-Bypass

3 briefs RSS

OpenClaw Exec Allowlist Bypass Vulnerability (CVE-2026-41390)

OpenClaw before version 2026.3.28 contains an exec allowlist bypass vulnerability (CVE-2026-41390) that allows attackers to persist trust for wrapper binaries like /usr/bin/script to execute different underlying programs, potentially leading to privilege escalation.

OpenClaw allowlist bypass privilege escalation cve-2026-41390

2r 2t 1c 6d ago

medium advisory

OpenClaw Microsoft Teams Plugin Sender Allowlist Bypass (CVE-2026-34506)

2 rules 2 TTPs 1 CVE

OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin, allowing unauthorized senders to bypass intended authorization checks due to improper handling of empty groupAllowFrom parameters, potentially leading to information disclosure.

cve-2026-34506 openclaw microsoft teams allowlist bypass

2r 2t 1c Mar 31, 2026

critical advisory

OpenClaw Exec Allowlist Bypass via POSIX Path Overmatching (CVE-2026-32973)

2 rules 1 TTP

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability (CVE-2026-32973) due to improper normalization of patterns, allowing attackers to execute unintended commands via wildcard matching in POSIX paths.

cve-2026-32973 openclaw allowlist-bypass

2r 1t Mar 29, 2026