Which versions of OpenClaw are affected by CVE-2026-32973?

OpenClaw versions prior to 2026.3.11 contain a critical execution allowlist bypass that permits unauthenticated remote attackers to execute arbitrary commands on affected systems.. A patch is available.

How to fix or mitigate CVE-2026-32973?

Within 24 hours: Identify all systems running OpenClaw versions prior to 2026.3.11 using inventory and asset management tools. Within 7 days: Upgrade all affected OpenClaw instances to version 2026.3.11 or later per vendor patch release. Within 30 days: Conduct security assessment of affected systems to verify no unauthorized command execution occurred during exposure window; review and strengthen compensating network controls such as network segmentation and access restrictions to OpenClaw services.

OpenClaw CVE-2026-32973

Q: What is the CVSS score of CVE-2026-32973?

CVE-2026-32973 has a CVSS 4.0 base score of 8.8 (High). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

EUVD-2026-17011 HIGH

Permissive Regular Expression (CWE-625)

2026-03-29 VulnCheck

Authentication Bypass

8.8

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Analysis Updated

Apr 16, 2026 - 06:11 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

2026.3.11

EUVD ID Assigned

Mar 29, 2026 - 13:15 euvd

EUVD-2026-17011

Analysis Generated

Mar 29, 2026 - 13:15 vuln.today

CVE Published

Mar 29, 2026 - 12:44 nvd

HIGH 8.8

DescriptionNVD

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.

AnalysisAI

Execution allowlist bypass in OpenClaw (versions prior to 2026.3.11) enables unauthenticated remote attackers to execute arbitrary commands by exploiting improper pattern normalization in matchesExecAllowlistPattern. The vulnerability stems from lowercasing and overly permissive glob matching logic that incorrectly allows the ? …

RemediationAI

Within 24 hours: Identify all systems running OpenClaw versions prior to 2026.3.11 using inventory and asset management tools. Within 7 days: Upgrade all affected OpenClaw instances to version 2026.3.11 or later per vendor patch release. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-32973 vulnerability details – vuln.today

Back

OpenClaw CVE-2026-32973

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Analysis

Full analysis requires sign-in

Share

OpenClaw CVE-2026-32973

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code