PT-2026-40421 · Unknown · Openclaude

Rosayxy · Published 2026-05-12 · Updated 2026-06-02 · CVE-2026-42074

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

openclaude versions prior to 0.5.1

Description

A security issue exists where the dangerouslyDisableSandbox parameter is exposed within the BashTool input schema. This allows a Large Language Model (LLM), which is considered an untrusted principal, to set this parameter to true in a tool use response. When combined with the default setting allowUnsandboxedCommands: true, a model subject to prompt injection can bypass the sandbox boundary. This enables the execution of arbitrary commands directly on the host system, leading to full host-level code execution. The issue is rooted in the shouldUseSandbox() function, which fails to properly restrict this security-critical flag from model control.

Recommendations

Update to version 0.5.1 or later. As a temporary mitigation, set the allowUnsandboxedCommands configuration setting to false to ensure the sandbox remains active regardless of the model's input.
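
The trust-boundary flaw and the mitigation described above, modelled as an added example. This is not openclaude's source and not the 0.5.1 patch: the function bodies, the MODEL_SCHEMA_KEYS allow-list, the operatorApproved argument and the sample tool call are assumptions made for illustration; only the names dangerouslyDisableSandbox, allowUnsandboxedCommands and shouldUseSandbox come from the advisory.

```javascript
// Hypothetical model of the sandbox decision; NOT openclaude's code.
// Trust model: toolInput is authored by the LLM (untrusted principal),
// settings are authored by the operator (trusted).

// Pre-fix behaviour as the advisory describes it: a model-supplied flag is
// honoured whenever the operator setting allows it, and that setting
// defaults to true.
function shouldUseSandboxVulnerable(toolInput, settings) {
  const allowUnsandboxed = settings.allowUnsandboxedCommands ?? true;
  if (toolInput.dangerouslyDisableSandbox === true && allowUnsandboxed) {
    return false; // sandbox disabled on the model's say-so
  }
  return true;
}

// Hardened sketch (assumption, one possible design): the model-facing
// schema is an allow-list that does not contain the security flag.
const MODEL_SCHEMA_KEYS = new Set(["command", "timeout"]);

function sanitizeToolInput(raw) {
  const clean = {};
  const rejected = [];
  for (const [key, value] of Object.entries(raw)) {
    if (MODEL_SCHEMA_KEYS.has(key)) clean[key] = value;
    else rejected.push(key); // worth logging: possible prompt injection
  }
  return { clean, rejected };
}

// The decision reads only operator-controlled inputs and fails closed:
// an unset allowUnsandboxedCommands is treated as false.
function shouldUseSandboxHardened(toolInput, settings, operatorApproved = false) {
  const { clean, rejected } = sanitizeToolInput(toolInput);
  const optOut = settings.allowUnsandboxedCommands === true && operatorApproved === true;
  return { sandbox: !optOut, input: clean, rejected };
}

// Constructed sample: a tool-use response from a prompt-injected model.
const injectedCall = { command: "ls", dangerouslyDisableSandbox: true };

function demo() {
  return {
    vulnerableDefault: shouldUseSandboxVulnerable(injectedCall, {}),
    vulnerableMitigated: shouldUseSandboxVulnerable(injectedCall, { allowUnsandboxedCommands: false }),
    hardened: shouldUseSandboxHardened(injectedCall, { allowUnsandboxedCommands: true }),
  };
}
```

With the default settings the vulnerable check returns false (no sandbox) for the injected call, the allowUnsandboxedCommands: false mitigation restores it, and the hardened sketch keeps the sandbox on while reporting the rejected key.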

Exploit

Fix

Improper Access Control

Missing Authentication

Weakness Enumeration

Related Identifiers

CVE-2026-42074
GHSA-M77W-P5JJ-XMHG

Affected Products

Openclaude