
4 matches found

NVD
added 2026/03/29 1:17 p.m. | 2 views

CVE-2026-32973

OpenClaw before 2026.3.11 contains an exec allowlist bypass vulnerability where matchesExecAllowlistPattern improperly normalizes patterns with lowercasing and glob matching that overmatches on POSIX paths. Attackers can exploit the ? wildcard matching across path segments to execute commands or...

9.8 CVSS | 0.00086 EPSS
Exploits: 0 | References: 2
CNNVD
added 2026/02/24 12:0 a.m. | 6 views

Caddy security vulnerability

Caddy is an open-source, cross-platform HTTP/Web server developed by the Caddy company. Versions of Caddy prior to 2.11.1 contained security vulnerabilities. These vulnerabilities stemmed from defects in the FastCGI path segmentation logic when handling Unicode, which could lead to path confusion...

9.8 CVSS | 7.4 AI score | 0.00245 EPSS
Exploits: 1 | References: 3
CNNVD
added 2026/02/12 12:0 a.m. | 2 views

FrankenPHP security vulnerability

FrankenPHP is an open-source PHP application server developed by phpnet. Versions of FrankenPHP prior to 1.11.2 contained security vulnerabilities. These vulnerabilities stemmed from improper case conversion during CGI path segmentation when handling Unicode characters, which could lead to the...

9.8 CVSS | 5.9 AI score | 0.00029 EPSS
Exploits: 1 | References: 4
Vulnrichment
added 2026/01/15 12:6 p.m. | 2 views

CVE-2026-0976 Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths

A flaw was found in Keycloak. This improper input validation vulnerability occurs because Keycloak accepts RFC-compliant matrix parameters in URL path segments, while common reverse proxy configurations may ignore or mishandle them. A remote attacker can craft requests to mask path segments,...

3.7 CVSS | 6.2 AI score | 0.00015 EPSS
Exploits: 0 | References: 2