CVE-2026-41392

OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen initialization files while...

CVE-2026-41392

OpenClaw before 2026.3.31 contains an exec allowlist bypass vulnerability allowing attackers to inherit allowlist trust via shell init-file wrapper invocations. Attackers can exploit shell options like --rcfile, --init-file, and --startup-file to load attacker-chosen initialization files while...

CVE-2026-41392

OpenClaw has a vulnerability (CVE-2026-41392) where exec allowlist matching can be bypassed by shell init-file wrapper invocations. Affected product: OpenClaw before 2026.3.31. Attack path involves using shell options such as --rcfile, --init-file, and --startup-file to load attacker-controlled i...

CVE-2026-41390 OpenClaw < 2026.3.28 - Exec Allowlist Bypass via Unregistered /usr/bin/script Wrapper

OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper binaries that execu...

PT-2026-35776

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31 Description An exec allowlist bypass allows attackers to inherit allowlist trust through shell init-file wrapper invocations. By utilizing shell options such as --rcfile, --init-file, and --startup-file,...

EUVD-2026-17011

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...

CVE-2026-32973

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...

CVE-2026-28470

OpenClaw is affected in versions prior to 2026.2.2. The issue is an exec approvals allowlist bypass that lets an attacker run arbitrary commands by injecting command substitution syntax (unescaped $() or backticks) inside double-quoted strings, bypassing the allowlist protection. The vulnerabilit...

PT-2026-26398

Summary OpenClaw exec allowlist/safeBins policy could be bypassed with attached short-option payloads for example sort -o/tmp/poc, enabling file-write operations while still satisfying safeBins checks. Affected Packages / Versions - Package: openclaw npm - Affected versions: = 2026.2.17 - Latest...