Allow-always persistence did not unwrap /usr/bin/script and similar wrappers to the actual executed target before storing trust decisions.
A user approval for one wrapped command could persist trust for a wrapper binary that later executed a different underlying program.
src/infra/dispatch-wrapper-resolution.ts, src/infra/exec-wrapper-resolution.ts
<= 2026.3.24>= 2026.3.282026.3.28 contains the fix.Fixed by commit 83da3cfe31 (infra: unwrap script wrapper approval targets).
2026.3.28Exploitability
AV:LAC:LPR:LUI:RScope
S:UImpact
C:HI:HA:H7.3/CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H