https://feed.craftedsignal.io/tags/cve-2026-32973/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSun, 29 Mar 2026 13:17:01 +0000https://feed.craftedsignal.io/briefs/2026-03-openclaw-bypass/Sun, 29 Mar 2026 13:17:01 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-openclaw-bypass/OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability (CVE-2026-32973) due to improper normalization of patterns, allowing attackers to execute unintended commands via wildcard matching in POSIX paths.OpenClaw versions prior to 2026.3.11 are susceptible to an exec allowlist bypass vulnerability, identified as CVE-2026-32973. The vulnerability stems from the matchesExecAllowlistPattern function’s flawed normalization process, specifically its handling of lowercasing and glob matching. This leads to overmatching on POSIX paths, enabling attackers to circumvent intended restrictions. By leveraging the ‘?’ wildcard, attackers can match across path segments to execute commands or access paths…

]]>criticaladvisorycve-2026-32973openclawallowlist-bypass