
[openclaw] OpenClaw: Exec approval allowlist patterns overmatched on POSIX paths

By GitHub
14 March 2026

**Summary**

`matchesExecAllowlistPattern` normalized patterns and targets by lowercasing them, and its compiled glob matched too broadly on POSIX: the wildcard could match `/`, which allowed matches to cross path segments.

**Impact**

These matching rules could overmatch allowlist entries and permit commands or executable paths that an operator did not intend to approve.

**Affected versions**

openclaw <= 2026.3.8

**Patch**

Fixed in openclaw 2026.3.11 and included in later releases such as 2026.3.12. Exec allowlist matching now respects the intended path semantics, and regression tests cover the POSIX case-folding and slash-crossing cases...
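To make the two overmatching behaviours concrete, here is an added example (not OpenClaw's own code): a loose glob matcher that lowercases both sides and lets `*` expand across `/`, beside a segment-aware, case-sensitive matcher of the kind the fix describes. The function names and allowlist entries are constructed for this illustration.

```javascript
// Escape regex metacharacters in a literal path fragment.
function escapeRegex(s) {
  return s.replace(/[.+?^${}()|[\]\\]/g, "\\$&");
}

// Loose matcher (reproduces the advisory's bug): both sides are lowercased
// and every "*" becomes ".*", so a wildcard also consumes "/" and the match
// can cross path segments.
function looseMatch(pattern, target) {
  const body = pattern.toLowerCase().split("*").map(escapeRegex).join(".*");
  return new RegExp("^" + body + "$").test(target.toLowerCase());
}

// Strict matcher: "*" only matches within a single segment ([^/]*) and
// POSIX paths are compared case-sensitively, so no case folding is applied.
function strictMatch(pattern, target) {
  const body = pattern.split("*").map(escapeRegex).join("[^/]*");
  return new RegExp("^" + body + "$").test(target);
}

// Allowlist check parameterised by the matcher, so both can be compared.
function isAllowed(allowlist, target, matcher) {
  return allowlist.some((p) => matcher(p, target));
}

// Constructed sample allowlist: one wildcard entry, one exact entry.
const sampleAllowlist = ["/usr/local/bin/*", "/opt/Tools/safe-cli"];

// Slash crossing: a nested path should not satisfy "/usr/local/bin/*".
const nested = "/usr/local/bin/sub/deep/tool";
console.log("loose  :", isAllowed(sampleAllowlist, nested, looseMatch));  // true (bug)
console.log("strict :", isAllowed(sampleAllowlist, nested, strictMatch)); // false

// Case folding: on POSIX "/opt/tools/..." is a different path from "/opt/Tools/...".
const folded = "/opt/tools/safe-cli";
console.log("loose  :", isAllowed(sampleAllowlist, folded, looseMatch));  // true (bug)
console.log("strict :", isAllowed(sampleAllowlist, folded, strictMatch)); // false
```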

---

**[devsupporter commentary]**

This article is the latest development news provided by GitHub Security Advisories. To learn more about the related tools or technologies, refer to the original link.