EXECUTIVE SUMMARY:
CVE-2026-35570, with a CVSS score of 8.4, is a High-severity vulnerability affecting the npm/@gitlawb/openclaude package, specifically versions prior to 0.5.1. The issue arises from a logic flaw in `bashToolHasPermission` inside `src/tools/BashTool/bashPermissions.ts`, which returns an `allow` result immediately when the sandbox auto-allow feature is active and no explicit deny rule is configured, thereby bypassing directory restrictions and allowing path traversal sequences to execute. An attacker with Local access, LOW privileges, and no user interaction required can exploit this vulnerability to read arbitrary files outside the sandbox boundary, write to arbitrary paths, and fully defeat the filesystem isolation the sandbox is intended to provide. This compromises the confidentiality, integrity, and availability of the system, with significant business impact if exploited, particularly in environments with sensitive data or high-security requirements.
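The flaw described above is an ordering problem: an auto-allow short-circuit fires before the requested path has been resolved and checked against the sandbox root, so a traversal sequence in the path is never examined. The following is an added illustration of that pattern and of the corrected ordering; it is example code written for this page, not code from the @gitlawb/openclaude project, and the `SandboxConfig`, `Decision`, `flawedHasPermission` and `hardenedHasPermission` names, the deny-rule representation and the `/sandbox/project` root are all constructed for the example.

```typescript
import * as path from "path";

// Hypothetical types for this example (not the project's real interface).
type Decision = { behavior: "allow" | "deny" | "ask"; reason: string };

interface SandboxConfig {
  root: string;        // absolute directory the tool is confined to
  autoAllow: boolean;  // "sandbox auto-allow" style setting
  denyRules: string[]; // explicit deny rules as resolved path prefixes
}

// Resolve a requested path against the sandbox root using POSIX semantics so
// the result does not depend on the host platform or current directory.
function resolveInRoot(root: string, target: string): string {
  return path.posix.resolve(root, target);
}

// True when `candidate` (already resolved) is the root or lies beneath it.
function isInsideRoot(root: string, candidate: string): boolean {
  const rel = path.posix.relative(path.posix.resolve(root), candidate);
  return rel === "" || (rel !== ".." && !rel.startsWith("../"));
}

function matchesDenyRule(cfg: SandboxConfig, resolved: string): boolean {
  return cfg.denyRules.some((prefix) => resolved.startsWith(prefix));
}

// Flawed ordering, modelled on the advisory's description: when auto-allow is
// on and no deny rule is configured, the function answers "allow" before the
// path is ever resolved or checked against the root, so "../" escapes pass.
function flawedHasPermission(cfg: SandboxConfig, target: string): Decision {
  if (cfg.autoAllow && cfg.denyRules.length === 0) {
    return { behavior: "allow", reason: "sandbox auto-allow" }; // BUG: no containment check
  }
  const resolved = resolveInRoot(cfg.root, target);
  if (!isInsideRoot(cfg.root, resolved)) {
    return { behavior: "deny", reason: "outside sandbox root" };
  }
  if (matchesDenyRule(cfg, resolved)) {
    return { behavior: "deny", reason: "explicit deny rule" };
  }
  return { behavior: cfg.autoAllow ? "allow" : "ask", reason: "inside sandbox" };
}

// Hardened ordering: resolve and contain first, apply deny rules to the
// resolved path, and only then let auto-allow skip the user prompt. Auto-allow
// can relax the prompt, never the boundary.
function hardenedHasPermission(cfg: SandboxConfig, target: string): Decision {
  const resolved = resolveInRoot(cfg.root, target);
  if (!isInsideRoot(cfg.root, resolved)) {
    return { behavior: "deny", reason: "outside sandbox root" };
  }
  if (matchesDenyRule(cfg, resolved)) {
    return { behavior: "deny", reason: "explicit deny rule" };
  }
  if (cfg.autoAllow) {
    return { behavior: "allow", reason: "sandbox auto-allow (contained path)" };
  }
  return { behavior: "ask", reason: "prompt user" };
}

// Constructed configuration and requests for a quick side-by-side run.
const exampleConfig: SandboxConfig = { root: "/sandbox/project", autoAllow: true, denyRules: [] };
for (const target of ["src/index.ts", "../../outside/notes.txt"]) {
  console.log(target, "flawed:", flawedHasPermission(exampleConfig, target).behavior,
              "hardened:", hardenedHasPermission(exampleConfig, target).behavior);
}
```

The containment test uses `path.relative` on the resolved path rather than a string-prefix comparison, so a root of `/sandbox/project` does not accidentally admit `/sandbox/project-other`, and an absolute request resolves to itself and is rejected by the same check.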
RECOMMENDATION:
We recommend updating npm/@gitlawb/openclaude to version 0.5.1 or later.
REFERENCES:
The following reports contain further technical details:
https://github.com/advisories/GHSA-m6rx-7pvw-2f73