CVE-2026-32973 in OpenClaw信息

摘要 (英语)

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or paths not intended by operators.

负责

VulnCheck

预定

2026-03-17

披露

2026-03-29

条目

已发布	基础	临时	漏洞	CWE	产品	可利用	对策	EPSS	CTI	CVE
2026-03-29	8.5	8.4	OpenClaw 远程代码执行	625	Artificial Intelligence Software	未定义	官方修复	0.00000	3.48+	CVE-2026-32973

显示更多

描述
更改
网络威胁情报
API/JSON

◂ 上一步一览下一步 ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!