PT-2026-30381 · Unknown · Openclaude

Published: 2026-04-04 · Updated: 2026-04-21 · CVE-2026-35570

CVSS v3.1: 8.4 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OpenClaude versions prior to 0.5.1

Description: A logic flaw exists in the bashToolHasPermission() function in src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule matches, the function returns an allow result immediately, before the checkPathConstraints filter is evaluated. Commands containing path traversal sequences, such as '../../../../../etc/passwd', therefore bypass the directory restrictions entirely. The result is reading or writing of arbitrary files outside the sandbox boundary, defeating the filesystem isolation the sandbox is meant to provide.

Recommendations: Update to version 0.5.1. As a temporary workaround, restrict the use of the bashToolHasPermission() function or disable the sandbox auto-allow feature until the update is applied.
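The ordering flaw described above, modelled as an added TypeScript example that is not OpenClaude's own code. Only the names bashToolHasPermission and checkPathConstraints come from the advisory; the config shape, the "ask" outcome, the path filter's rules and the sample configuration are assumptions made for illustration. The example shows the vulnerable ordering beside the corrected one, in which the path filter runs before any auto-allow shortcut.

```typescript
// Added example, not OpenClaude's code: a simplified model of the check ordering
// described in the advisory. Only the names bashToolHasPermission and
// checkPathConstraints come from the page; everything else is assumed.
type Behavior = "allow" | "deny" | "ask";
type PermissionResult = { behavior: Behavior; reason: string };

interface PermissionConfig {
  sandboxAutoAllow: boolean;
  denyRules: RegExp[];     // explicit deny patterns
  allowedRoots: string[];  // directories the sandbox may touch
}

// Hypothetical path-constraint filter: deny traversal segments and absolute
// paths that fall outside the allowed roots.
function checkPathConstraints(command: string, allowedRoots: string[]): PermissionResult {
  for (const tok of command.split(/\s+/)) {
    if (tok.split("/").includes("..")) {
      return { behavior: "deny", reason: `path traversal in ${tok}` };
    }
    const inside = allowedRoots.some((r) => tok === r || tok.startsWith(r + "/"));
    if (tok.startsWith("/") && !inside) {
      return { behavior: "deny", reason: `path outside sandbox: ${tok}` };
    }
  }
  return { behavior: "allow", reason: "paths within sandbox" };
}

// Vulnerable ordering (pre-0.5.1 behaviour as described): with auto-allow on and
// no deny match, the function returns before the path filter ever runs.
function bashToolHasPermissionVulnerable(cmd: string, cfg: PermissionConfig): PermissionResult {
  if (cfg.denyRules.some((r) => r.test(cmd))) return { behavior: "deny", reason: "deny rule" };
  if (cfg.sandboxAutoAllow) return { behavior: "allow", reason: "sandbox auto-allow" }; // early return
  return checkPathConstraints(cmd, cfg.allowedRoots);
}

// Fixed ordering: path constraints are evaluated before any auto-allow shortcut,
// so auto-allow can only approve commands that already stay inside the sandbox.
function bashToolHasPermissionFixed(cmd: string, cfg: PermissionConfig): PermissionResult {
  if (cfg.denyRules.some((r) => r.test(cmd))) return { behavior: "deny", reason: "deny rule" };
  const paths = checkPathConstraints(cmd, cfg.allowedRoots);
  if (paths.behavior === "deny") return paths;
  if (cfg.sandboxAutoAllow) return { behavior: "allow", reason: "sandbox auto-allow" };
  return { behavior: "ask", reason: "no auto-allow; prompt the user" };
}

// Constructed sample configuration for demonstration.
const sampleConfig: PermissionConfig = {
  sandboxAutoAllow: true,
  denyRules: [/\brm\s+-rf\s+\//],
  allowedRoots: ["/workspace"],
};
```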

Weakness Enumeration

Improper Access Control
Path traversal

Related Identifiers

CVE-2026-35570
GHSA-M6RX-7PVW-2F73

Affected Products

Openclaude