CVSS Vector (NVD)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Lifecycle Timeline
Description (NVD)
OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in bashToolHasPermission() inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is configured, the function returns an allow result immediately, before the path constraint filter (checkPathConstraints) is ever evaluated. This allows commands containing path traversal sequences (e.g., ../../../../../etc/passwd) to bypass directory restrictions entirely. Version 0.5.1 contains a patch for the issue.
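The ordering bug described above, modelled as an added example. This is not OpenClaude's code: only the names bashToolHasPermission and checkPathConstraints come from the advisory; SandboxConfig, PermissionResult, resolvePosix, extractPathTokens, the deny-rule shape and the sandbox root are assumptions made for illustration. The vulnerable variant short-circuits on auto-allow before the path check runs; the hardened variant evaluates path constraints on the resolved (not string-matched) path first, and only then considers auto-allow.

```typescript
// Added example (not OpenClaude's code): simplified model of the permission
// ordering flaw. Names other than bashToolHasPermission/checkPathConstraints
// are assumptions for illustration.

type Behavior = "allow" | "deny" | "ask";
interface PermissionResult { behavior: Behavior; reason: string }

interface SandboxConfig {
  autoAllow: boolean;      // sandbox auto-allow feature
  denyRules: RegExp[];     // explicit deny rules matched against the raw command
  allowedRoots: string[];  // absolute directories the command may touch
}

// Resolve a POSIX path against cwd, collapsing "." and ".." segments so that
// traversal sequences are evaluated rather than pattern-matched as text.
function resolvePosix(cwd: string, p: string): string {
  const raw = p.startsWith("/") ? p : `${cwd}/${p}`;
  const out: string[] = [];
  for (const seg of raw.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") { out.pop(); continue; }
    out.push(seg);
  }
  return "/" + out.join("/");
}

// Assumption: any whitespace-separated token containing "/" or starting with
// ".." is a path operand. A real tokenizer must also handle shell quoting.
function extractPathTokens(command: string): string[] {
  return command.split(/\s+/).filter(t => t.includes("/") || t.startsWith(".."));
}

// Containment test on resolved paths; the trailing "/" prevents
// "/sandbox/project-evil" from matching root "/sandbox/project".
function isUnder(resolved: string, root: string): boolean {
  const r = resolvePosix("/", root);
  if (r === "/") return true;
  return resolved === r || resolved.startsWith(r + "/");
}

function checkPathConstraints(command: string, cfg: SandboxConfig, cwd: string): PermissionResult {
  for (const tok of extractPathTokens(command)) {
    const resolved = resolvePosix(cwd, tok);
    if (!cfg.allowedRoots.some(root => isUnder(resolved, root))) {
      return { behavior: "deny", reason: `${tok} resolves to ${resolved}, outside allowed roots` };
    }
  }
  return { behavior: "allow", reason: "all path operands inside allowed roots" };
}

function matchesDenyRule(command: string, cfg: SandboxConfig): boolean {
  return cfg.denyRules.some(rule => rule.test(command));
}

// Vulnerable ordering (mirrors the flaw described): with auto-allow on and no
// deny rule matched, it returns before checkPathConstraints ever runs.
function bashToolHasPermissionVulnerable(command: string, cfg: SandboxConfig, cwd: string): PermissionResult {
  if (matchesDenyRule(command, cfg)) return { behavior: "deny", reason: "explicit deny rule" };
  if (cfg.autoAllow) return { behavior: "allow", reason: "sandbox auto-allow" }; // early return skips path check
  return checkPathConstraints(command, cfg, cwd);
}

// Hardened ordering: deny rules, then path constraints, and only then auto-allow.
function bashToolHasPermissionFixed(command: string, cfg: SandboxConfig, cwd: string): PermissionResult {
  if (matchesDenyRule(command, cfg)) return { behavior: "deny", reason: "explicit deny rule" };
  const paths = checkPathConstraints(command, cfg, cwd);
  if (paths.behavior === "deny") return paths;
  if (cfg.autoAllow) return { behavior: "allow", reason: "sandbox auto-allow (path constraints satisfied)" };
  return { behavior: "ask", reason: "no auto-allow; prompt the user" };
}

// Constructed scenario: auto-allow on, no deny rules, sandbox rooted at /sandbox/project.
const sandboxCfg: SandboxConfig = { autoAllow: true, denyRules: [], allowedRoots: ["/sandbox/project"] };
const sandboxCwd = "/sandbox/project";
const traversalCmd = "cat ../../../../../etc/passwd";

console.log(bashToolHasPermissionVulnerable(traversalCmd, sandboxCfg, sandboxCwd)); // allow: escape succeeds
console.log(bashToolHasPermissionFixed(traversalCmd, sandboxCfg, sandboxCwd));      // deny: resolves to /etc/passwd
```

The design point is that the auto-allow shortcut must sit after every containment check, not before it, and that containment is decided on the resolved path so that "../" runs, absolute paths and sibling directories sharing a prefix are all handled by the same rule.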
Analysis (AI)
Path traversal in OpenClaude CLI versions before 0.5.1 allows local authenticated users to bypass sandbox directory restrictions and access arbitrary filesystem paths. A logic flaw in the bash permission handler causes path constraint checks to be skipped when sandbox auto-allow is enabled without explicit deny rules, permitting traversal sequences like '../../../etc/passwd' to escape containment boundaries. …
Remediation (AI)
Within 24 hours: Inventory all systems running OpenClaude CLI 0.5.0 or earlier and disable auto-allow mode in all configurations. Within 7 days: Restrict OpenClaude CLI usage to single-user, isolated environments or air-gapped systems; implement file system access controls to limit CLI process permissions to only required directories. …
External POC / Exploit Code
EUVD-2026-23988
GHSA-m6rx-7pvw-2f73