3 matches found
CVE-2026-35570
CVE-2026-35570 affects the OpenClaude project. A logic flaw in the function bashToolHasPermission() (in src/tools/BashTool/bashPermissions.ts) causes an early exit with an allow decision when sandbox auto-allow is enabled and no explicit deny rule exists, bypassing the path constraint check (chec...
CVE-2026-42074
OpenClaude
CVE-2026-42073
Summary: CVE-2026-42073 affects OpenClaude MCP OAuth callback flow. A logic flaw in the conditional order allows an attacker to bypass the CSRF state check when an error parameter is present, forcing the local OAuth callback server to shut down (DoS) without knowing the expected state. Affected c...