Allowlist-Bypass — CraftedSignal Threat Feedhttps://feed.craftedsignal.io/tags/allowlist-bypass/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioTue, 28 Apr 2026 19:37:42 +0000OpenClaw Exec Allowlist Bypass Vulnerability (CVE-2026-41390)https://feed.craftedsignal.io/briefs/2026-04-openclaw-allowlist-bypass/Tue, 28 Apr 2026 19:37:42 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-04-openclaw-allowlist-bypass/OpenClaw before version 2026.3.28 contains an exec allowlist bypass vulnerability (CVE-2026-41390) that allows attackers to persist trust for wrapper binaries like /usr/bin/script to execute different underlying programs, potentially leading to privilege escalation.OpenClaw, a security application, is vulnerable to an allowlist bypass (CVE-2026-41390) affecting versions prior to 2026.3.28. The core issue lies in how OpenClaw handles “allow-always” persistence, specifically when dealing with wrapper binaries like /usr/bin/script. The application fails to properly unwrap or inspect the underlying commands executed by these wrappers before storing trust decisions. This oversight allows an attacker to gain user approval for a benign, wrapped command. Once approved, the trust is incorrectly associated with the wrapper binary itself, enabling the execution of arbitrary, potentially malicious, commands through the same wrapper. This vulnerability can lead to privilege escalation or other unauthorized activities, as the attacker can bypass intended security restrictions by leveraging the improperly granted trust.

Attack Chain

  1. Attacker identifies a vulnerable OpenClaw installation running a version prior to 2026.3.28.
  2. Attacker crafts a seemingly benign command using a wrapper binary like /usr/bin/script, such as script -q /tmp/output bash -c "id".
  3. The user is prompted by OpenClaw to approve the execution of /usr/bin/script.
  4. The user, believing the command is safe, approves the execution and adds /usr/bin/script to the “allow-always” list.
  5. OpenClaw incorrectly persists trust for /usr/bin/script without unwrapping the command.
  6. Attacker then executes a malicious command using the same wrapper, e.g., script -q /tmp/output bash -c "rm -rf /".
  7. OpenClaw allows the execution of the malicious command because /usr/bin/script is already trusted.
  8. The malicious command executes, resulting in data loss or system compromise.

Impact

Successful exploitation of this vulnerability allows attackers to bypass the intended access controls enforced by OpenClaw. An attacker can leverage a trusted wrapper binary to execute arbitrary commands, potentially leading to privilege escalation and full system compromise. The impact can range from data theft and system corruption to complete control over the affected system. This vulnerability affects any system running a vulnerable version of OpenClaw.

Recommendation

  • Upgrade OpenClaw to version 2026.3.28 or later to patch the vulnerability described in CVE-2026-41390.
  • Implement process monitoring to detect the execution of /usr/bin/script or similar wrappers with potentially malicious commands as a defense in depth. Use the “Detect Suspicious Script Wrapper Execution” Sigma rule provided below.
  • Review existing “allow-always” rules in OpenClaw and remove any entries for wrapper binaries like /usr/bin/script that might have been added inadvertently.
]]>highadvisoryallowlist bypassprivilege escalationcve-2026-41390OpenClaw Microsoft Teams Plugin Sender Allowlist Bypass (CVE-2026-34506)https://feed.craftedsignal.io/briefs/2026-03-openclaw-allowlist-bypass/Tue, 31 Mar 2026 12:16:30 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-openclaw-allowlist-bypass/OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin, allowing unauthorized senders to bypass intended authorization checks due to improper handling of empty groupAllowFrom parameters, potentially leading to information disclosure.<p>OpenClaw, a Microsoft Teams plugin, is vulnerable to a sender allowlist bypass (CVE-2026-34506) in versions prior to 2026.3.8. The vulnerability stems from a misconfiguration issue where an empty <code>groupAllowFrom</code> parameter in the team/channel route allowlist leads to the synthesis of wildcard sender authorization. This allows any sender within the matched team/channel to trigger replies in allowlisted Teams routes, effectively bypassing intended authorization checks. This vulnerability was…</p> mediumadvisorycve-2026-34506openclawmicrosoft teamsallowlist bypassOpenClaw Exec Allowlist Bypass via POSIX Path Overmatching (CVE-2026-32973)https://feed.craftedsignal.io/briefs/2026-03-openclaw-bypass/Sun, 29 Mar 2026 13:17:01 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-openclaw-bypass/OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability (CVE-2026-32973) due to improper normalization of patterns, allowing attackers to execute unintended commands via wildcard matching in POSIX paths.OpenClaw versions prior to 2026.3.11 are susceptible to an exec allowlist bypass vulnerability, identified as CVE-2026-32973. The vulnerability stems from the matchesExecAllowlistPattern function’s flawed normalization process, specifically its handling of lowercasing and glob matching. This leads to overmatching on POSIX paths, enabling attackers to circumvent intended restrictions. By leveraging the ‘?’ wildcard, attackers can match across path segments to execute commands or access paths…

]]>criticaladvisorycve-2026-32973openclawallowlist-bypass