2 matches found
CVE-2026-35651
OpenClaw OpenClaw 2026.2.13 through 2026.3.24 contains an ANSI escape sequence injection vulnerability in approval prompts. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to spoof terminal output by manipulating displayed inf...
CVE-2026-32898
CVE-2026-32898 affects OpenClaw versions prior to 2026.2.23, specifically the ACP client. The issue is an authorization bypass where tool calls are auto-approved based on untrusted toolCall.kind metadata and permissive name heuristics. Attackers can bypass interactive approval prompts for read-cl...