CVE-2026-32973
OpenClaw · OpenClaw
An execution allowlist bypass in OpenClaw due to improper path normalization and glob matching allows attackers to execute unauthorized commands on the system.
Executive summary
OpenClaw versions before 2026.3.11 are vulnerable to a critical allowlist bypass that enables attackers to execute unauthorized commands by exploiting improper path normalization.
Vulnerability
The function matchesExecAllowlistPattern normalizes allowlist patterns by lowercasing them and then matches them with glob semantics in which the ? wildcard can match a path separator on POSIX systems. Because a single-character wildcard can span a / in the candidate path, a pattern the operator wrote to allow one specific binary can also match paths and commands the allowlist was intended to block.
Business impact
A successful bypass of the execution allowlist allows an attacker to run arbitrary binaries or scripts on the host system. Given the CVSS score of 9.8, this vulnerability poses a severe risk of full system compromise, as the primary defense mechanism against unauthorized execution is rendered ineffective.
Remediation
Immediate Action: Upgrade OpenClaw to version 2026.3.11 or later to implement a more robust and secure allowlist matching mechanism.
Proactive Monitoring: Audit execution logs for any commands that do not strictly match the intended allowlist and look for the use of wildcard characters in execution requests.
Compensating Controls: Use OS-level security features like AppArmor or SELinux to restrict the binaries that the OpenClaw process is permitted to execute, regardless of application-level allowlists.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The integrity of execution allowlists is vital for preventing unauthorized code execution. It is imperative to apply the 2026.3.11 update immediately to ensure that attackers cannot circumvent these critical security boundaries through pattern manipulation.