Christos-Eth

**Name of the Vulnerable Software and Affected Versions** Astro versions 2.10.10 through 5.18.0 **Description** Astro’s remotePatterns path enforcement for remote URLs used by server-side fetchers, such as the image optimization endpoint, is affected by an issue. The path matching logic for /* wildcards is unanchored, allowing a pathname containing the allowed prefix later in the path to still match. This can allow an attacker to fetch paths outside the intended allowlisted prefix on an otherwise allowed host. **Recommendations** Update to version 5.18.1 or later.

**Name of the Vulnerable Software and Affected Versions** openclaw versions prior to 2026.2.14 **Description** The OpenClaw exec-approvals allowlist validation checks tokens before expansion, but execution uses shell expansion. This allows safe binaries like head, tail, or grep to read arbitrary local files through glob patterns or environment variables. An authorized caller or prompt-injection attack can exploit this to disclose files readable by the gateway or node process when host execution is enabled in allowlist mode. The issue is configuration-dependent and is not exercised by default settings. The vulnerable component uses the `sh -c` shell for execution. **Recommendations** Update to version 2026.2.14 or later.

**Name of the Vulnerable Software and Affected Versions** OpenClaw versions 2026.2.13 and earlier **Description** An allowlist bypass exists in the OpenClaw npm package. This flaw causes a mismatch between the commands that are verified and the commands that are actually executed, potentially leading to the execution of unwanted commands and a compromise of security. The issue stems from a logic decoupling where the code appears correct but functions incorrectly. Static analysis may fail to detect this type of vulnerability, as it focuses on syntax rather than intent. The `system(.)run` function is specifically mentioned as a potential entry point for exploitation. **Recommendations** Versions prior to 2026.2.14 should be updated to version 2026.2.14 or later. Stop relying on regular expressions for command validation. Avoid security checks that look at Variable A while the execution engine runs Variable B, as this creates a logic gap.