CVE-2026-35570: OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal

April 21, 2026

A logic flaw exists in bashToolHasPermission() inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is configured, the function returns an allow result immediately — before the path constraint filter (checkPathConstraints) is ever evaluated. This allows commands containing path traversal sequences (e.g., ../../../../../etc/passwd) to bypass directory restrictions entirely.

References

github.com/Gitlawb/openclaude
github.com/Gitlawb/openclaude/commit/7002cb302b78ea2a19da3f26226de24e2903fa1d
github.com/Gitlawb/openclaude/security/advisories/GHSA-m6rx-7pvw-2f73
github.com/advisories/GHSA-m6rx-7pvw-2f73
nvd.nist.gov/vuln/detail/CVE-2026-35570

Code Behaviors & Features

Detect and mitigate CVE-2026-35570 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →