{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-32973/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["critical"],"_cs_tags":["cve-2026-32973","openclaw","allowlist-bypass"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOpenClaw versions prior to 2026.3.11 are susceptible to an exec allowlist bypass vulnerability, identified as CVE-2026-32973. The vulnerability stems from the \u003ccode\u003ematchesExecAllowlistPattern\u003c/code\u003e function\u0026rsquo;s flawed normalization process, specifically its handling of lowercasing and glob matching. This leads to overmatching on POSIX paths, enabling attackers to circumvent intended restrictions. By leveraging the \u0026lsquo;?\u0026rsquo; wildcard, attackers can match across path segments to execute commands or access paths…\u003c/p\u003e\n","date_modified":"2026-03-29T13:17:01Z","date_published":"2026-03-29T13:17:01Z","id":"/briefs/2026-03-openclaw-bypass/","summary":"OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability (CVE-2026-32973) due to improper normalization of patterns, allowing attackers to execute unintended commands via wildcard matching in POSIX paths.","title":"OpenClaw Exec Allowlist Bypass via POSIX Path Overmatching (CVE-2026-32973)","url":"https://feed.craftedsignal.io/briefs/2026-03-openclaw-bypass/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-32973","version":"https://jsonfeed.org/version/1.1"}