OpenClaude Path Traversal Bypasses Sandbox Controls
The National Vulnerability Database has detailed CVE-2026-35570, a high-severity logic flaw in OpenClaude, an open-source coding-agent CLI. The vulnerability, rated 8.4 CVSS, specifically impacts versions prior to 0.5.1. It stems from a flaw in the bashToolHasPermission() function within src/tools/BashTool/bashPermissions.ts.
When OpenClaude’s sandbox auto-allow feature is active and no explicit deny rules are configured, the function prematurely grants permission. This bypasses the critical checkPathConstraints filter. Consequently, an attacker can execute commands containing path traversal sequences, such as ../../../../../etc/passwd, to escape intended directory restrictions and potentially access sensitive files or execute arbitrary commands outside the sandbox.
This flaw highlights a common security pitfall: assuming default configurations provide adequate protection. Defenders relying on OpenClaude for development or automation workflows must understand that an active auto-allow feature, without explicit deny rules, renders path constraints ineffective. Version 0.5.1 contains the necessary patch, making immediate upgrades critical to prevent unauthorized system access.
What This Means For You
- If your organization uses OpenClaude, you are exposed. Check your deployed versions immediately. Any instance prior to 0.5.1 is vulnerable to path traversal, allowing an attacker to escape sandbox restrictions and potentially access sensitive system files or execute arbitrary code. Prioritize patching to version 0.5.1 without delay.
Related ATT&CK Techniques
🛡️ Detection Rules
3 rules · 6 SIEM formats3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.
CVE-2026-35570 - OpenClaude Path Traversal to Sensitive File Read
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2026-35570 | Path Traversal | OpenClaude versions prior to 0.5.1 |
| CVE-2026-35570 | Logic Flaw | OpenClaude `bashToolHasPermission()` function in `src/tools/BashTool/bashPermissions.ts` |
| CVE-2026-35570 | Path Traversal | Bypass of directory restrictions using path traversal sequences (e.g., `../../../../../etc/passwd`) when sandbox auto-allow is active and no explicit deny rule is configured. |
Written by SCW Vulnerability Desk
Source & Attribution
| Source Platform | NVD |
| Channel | National Vulnerability Database |
| Published | April 21, 2026 at 03:16 UTC |
This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
Believe this infringes your rights? Submit a takedown request.
Related Posts
CVE-2026-6675 — The Responsive Blocks – Page Builder for Blocks & Patterns
CVE-2026-6675 — The Responsive Blocks – Page Builder for Blocks & Patterns plugin for WordPress is vulnerable to Unauthenticated Open Email Relay in all versions...
CVE-2026-6674 — SQL Injection
CVE-2026-6674 — The Plugin: CMS für Motorrad Werkstätten plugin for WordPress is vulnerable to SQL Injection via the 'arttype' parameter in all versions up to,...
FreeScout CSS Injection Allows Privilege Escalation
CVE-2026-40497 — FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, FreeScout's `Helper::stripDangerousTags()` removes ``, ``, ``, `` but does...