Lucene search
K

6 matches found

RedhatCVE
RedhatCVE
added 2026/04/22 1:22 a.m.6 views

CVE-2026-35570

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in bashToolHasPermission inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is...

8.4CVSS5.8AI score0.00232EPSS
Exploits2References1
Snyk
Snyk
added 2026/04/21 3:16 p.m.9 views

Access Control Bypass

Overview @gitlawb/openclaude is an OpenClaude opens coding-agent workflows to any LLM — OpenAI, Gemini, DeepSeek, Ollama, and 200+ models Affected versions of this package are vulnerable to Access Control Bypass via the bashToolHasPermission function. An attacker can access or modify files outsid...

8.4CVSS5.8AI score0.00232EPSS
Exploits2References3
EUVD
EUVD
added 2026/04/21 3:16 p.m.6 views

EUVD-2026-23988

OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal...

8.4CVSS5.7AI score0.00232EPSS
Exploits2References3
Github Security Blog
Github Security Blog
added 2026/04/21 3:16 p.m.9 views

OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal

A logic flaw exists in bashToolHasPermission inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is configured, the function returns an allow result immediately — before the path constraint filter checkPathConstraints is ever...

8.4CVSS5.9AI score0.00232EPSS
Exploits2References4Affected Software1
NVD
NVD
added 2026/04/21 12:16 a.m.8 views

CVE-2026-35570

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in bashToolHasPermission inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is...

8.4CVSS0.00232EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2026/04/20 11:24 p.m.4 views

CVE-2026-35570

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in bashToolHasPermission inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is...

8.4CVSS5.8AI score0.00232EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder