EUVD-2026-17011CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3Description
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.
Analysis
Execution allowlist bypass in OpenClaw (versions prior to 2026.3.11) enables unauthenticated remote attackers to execute arbitrary commands by exploiting improper pattern normalization in matchesExecAllowlistPattern. The vulnerability stems from lowercasing and overly permissive glob matching logic that incorrectly allows the ? …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running OpenClaw versions prior to 2026.3.11 using asset inventory tools and isolate them from untrusted networks if possible. Within 7 days: Contact OpenClaw vendor for patch availability timeline and interim security guidance; implement network-level access controls restricting OpenClaw to authorized users only. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today