OpenClaw versions before 2026.3.28 contain an execution allowlist bypass vulnerability. The vulnerability occurs when the allow-always persistence feature fails to properly unwrap /usr/bin/script and similar wrapper commands before storing trust decisions. This flaw allows attackers to obtain user approval for one wrapped command and then persist trust for wrapper binaries that can execute different underlying programs. The vulnerability effectively bypasses security controls by exploiting the wrapper mechanism used by system utilities. Attackers can leverage this to execute unauthorized commands through trusted wrapper binaries.