GHSA-392f-ggf5-fp3c: OpenClaw: Unicode canonicalization drift in node metadata policy classification could broaden node allowlists

March 2, 2026

A paired node could supply Unicode-confusable platform or deviceFamily metadata that passed metadata pinning but classified differently for command policy resolution, broadening default node command allowlists.

References

github.com/advisories/GHSA-392f-ggf5-fp3c
github.com/openclaw/openclaw
github.com/openclaw/openclaw/security/advisories/GHSA-392f-ggf5-fp3c

Code Behaviors & Features

Detect and mitigate GHSA-392f-ggf5-fp3c with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →