Listen to this Post
The `matchesExecAllowlistPattern` function in OpenClaw failed to properly validate POSIX paths against the configured allowlist. The vulnerability stems from two distinct normalization issues. First, both the allowlist patterns and the target paths were being lowercased, which could cause case-insensitive mismatches on case-sensitive file systems. Second, and more critically, the glob matching logic allowed the `?` wildcard character to match the forward slash (/) directory separator. This enabled attackers to craft patterns that unintentionally crossed path segment boundaries. Consequently, an allowlist entry intended to approve a specific command or executable path could inadvertently match a completely different, unauthorized path. For example, a pattern like `/usr/bin/?at` could match `/usr/bin/cat` (intended) but also `/usr/bin/hat` or even a path with an extra segment due to the slash-crossing flaw, permitting execution of commands an operator did not approve [citation:original].
dailycve form:
Platform: OpenClaw
Version: <= 2026.3.8
Vulnerability : Exec approval bypass
Severity: Moderate
date: 2026-03-13
Prediction: 2026-03-20
What Undercode Say:
Analytics:
This vulnerability arises from flawed glob-to-POSIX translation logic. The flawed normalization meant case-folding allowed matches on different files, while the `?` wildcard matching `/` broke path segmentation. This overmatching bypassed security intent.
Exploit:
A malicious pattern `/?tmp/?at` could match an allowed binary like cat, but the flaw might allow it to execute a malicious binary at `/tmp/xat` by crossing the intended directory boundary.
Hypothetical exploit: Allowlist pattern "/bin/cat" is lowercased and matched. An attacker could request execution of "/BIN/CAT" (case variation) or a path like "/bin/cat" where the "?" wildcard in a broader pattern inadvertently matches "/", leading to execution of "/bin/cat" but also potentially other commands like "/bin/hat" if a pattern like "/bin/?at" existed. The core issue is pattern overmatching, not direct command injection in this specific CVE.
Protection from this CVE:
Upgrade to OpenClaw version `2026.3.11` or later. The patch introduces corrected path semantics, ensures proper case handling, and adds regression tests to prevent wildcards from crossing directory boundaries [citation:original].
Impact:
An attacker could execute unauthorized system commands or executables. This undermines the exec-allowlist security policy, potentially leading to arbitrary code execution in the OpenClaw runtime context and compromise of the host system.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

