CVE-2026-32973 in OpenClaw
요약 (영어)
OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.
책임이 있는
VulnCheck
예약하다
2026. 03. 17.
공개
2026. 03. 29.
엔트리
| 아이디 | 취약성 | CWE | 기본 | 임시 | 0day | 오늘 | 악용 | KEV | EPSS | CTI | 대책 | CVE |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 354110 | OpenClaw 원격 코드 실행 | 625 | 8.5 | 8.4 | $0-$5k | $0-$5k | 정의되지 않음 | 0.00000 | 4.51- | 공식 수정 | CVE-2026-32973 |