OpenClaw Exec Allowlist Bypass Vulnerability
Vulnerability
An exec allowlist bypass has been identified in OpenClaw versions prior to 2026.3.11. The issue arises because the 'matchesExecAllowlistPattern' function improperly normalizes patterns, which results in overbroad matching on POSIX paths. Because the '?' wildcard can match a path separator, a single '?' lets a pattern cross path segments, so commands or executable paths that the operator never intended to approve can satisfy the allowlist.
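The matching flaw described above, as an added illustration that is not OpenClaw's code: a minimal allowlist glob matcher in which '?' either matches any character, including '/', or is confined to a single path segment. The pattern, the executable path and the treatment of '*' as segment-bound in both modes are assumptions made for the example.

```javascript
// Added example (not OpenClaw's implementation): a small allowlist glob
// matcher showing why '?' must not match a POSIX path separator.

// Escape regex metacharacters in a literal character of the pattern.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Translate an allowlist glob into an anchored RegExp.
// '*' is assumed to be segment-bound ([^/]*) in both modes.
// segmentAware=false: '?' becomes '.', so it also matches '/' and the
//   pattern can cross path segments (the overbroad behaviour).
// segmentAware=true:  '?' becomes '[^/]', so it stays inside one segment.
function globToRegex(pattern, segmentAware) {
  let re = "^";
  for (const ch of pattern) {
    if (ch === "?") re += segmentAware ? "[^/]" : ".";
    else if (ch === "*") re += "[^/]*";
    else re += escapeRegex(ch);
  }
  return new RegExp(re + "$");
}

// Returns true when execPath is approved by the allowlist pattern.
function matchesAllowlist(pattern, execPath, segmentAware) {
  return globToRegex(pattern, segmentAware).test(execPath);
}

// Constructed sample: the operator meant to allow binaries named like
// "run-tool" or "run_tool" in one directory, not a nested "run/tool".
const PATTERN = "/usr/local/bin/run?tool";
const INTENDED = "/usr/local/bin/run-tool";
const NESTED = "/usr/local/bin/run/tool"; // a separate directory entry

function demo() {
  return {
    intendedOverbroad: matchesAllowlist(PATTERN, INTENDED, false), // true
    nestedOverbroad: matchesAllowlist(PATTERN, NESTED, false),     // true: bypass
    intendedStrict: matchesAllowlist(PATTERN, INTENDED, true),     // true
    nestedStrict: matchesAllowlist(PATTERN, NESTED, true),         // false
  };
}
```

The segment-aware form is the behaviour an operator expects from an exec allowlist: a wildcard never widens the set of directories a pattern reaches.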
Impact
Exploitation of this vulnerability could allow unauthorized execution of commands or access to executable paths, bypassing the intended exec allowlist restrictions.
Remediation
Users can upgrade to OpenClaw version 2026.3.11 or later to address this vulnerability. The patch is included in version 2026.3.12.
