CVE-2026-35570

HIGH 8.4

OpenClaude has Sandbox Bypass via Early-Exit Logic Flaw that Allows Path Traversal

CVSS Score

8.4

EPSS Score

0.0%

EPSS Percentile

0th

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in `bashToolHasPermission()` inside `src/tools/BashTool/bashPermissions.ts`. When the sandbox auto-allow feature is active and no explicit deny rule is configured, the function returns an `allow` result immediately — before the path constraint filter (`checkPathConstraints`) is ever evaluated. This allows commands containing path traversal sequences (e.g., `../../../../../etc/passwd`) to bypass directory restrictions entirely. Version 0.5.1 contains a patch for the issue.

CWE	CWE-22 CWE-284
Vendor	gitlawb
Product	openclaude
Published	Apr 20, 2026

Stay Ahead of the Next One

Get instant alerts for gitlawb openclaude

Be the first to know when new high vulnerabilities affecting gitlawb openclaude are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected Versions

Gitlawb / openclaude

< 0.5.1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/Gitlawb/openclaude/security/advisories/GHSA-m6rx-7pvw-2f73 github.com: https://github.com/Gitlawb/openclaude/commit/7002cb302b78ea2a19da3f26226de24e2903fa1d