CVE-2026-35651

CVSS v3.1

4.3

Medium

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-150

Related Identifiers

CVE-2026-35651

Affected Products

Openclaw

CVE-2026-35651

Weakness Enumeration

Related Identifiers

Affected Products

References · 4