CVE-2026-35651— OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-35651
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt
Source: NVD (National Vulnerability Database)
Vulnerability Description
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
转义、元或控制序列转义处理不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
OpenClaw 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
OpenClaw是OpenClaw开源的一个智能人工助理。 OpenClaw 2026.2.13至2026.3.24版本存在安全漏洞,该漏洞源于批准提示中存在ANSI转义序列注入,可能导致攻击者伪造终端输出。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2026-35651
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-35651
请登录查看更多情报信息。
Same Patch Batch · OpenClaw · 2026-04-10 · 29 CVEs total
| CVE-2026-35669 | 8.8 HIGH | OpenClaw < 2026.3.25 - Privilege Escalation via Gateway Plugin HTTP Authentication Scope |
| CVE-2026-35666 | 8.8 HIGH | OpenClaw < 2026.3.22 - Allowlist Bypass via Unregistered Time Dispatch Wrapper |
| CVE-2026-35643 | 8.8 HIGH | OpenClaw < 2026.3.22 - Arbitrary Code Execution via Unvalidated WebView JavascriptInterfac |
| CVE-2026-35663 | 8.8 HIGH | OpenClaw < 2026.3.25 - Privilege Escalation via Backend Reconnect Scope Self-Claim |
| CVE-2026-35660 | 8.1 HIGH | OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset |
| CVE-2026-35653 | 8.1 HIGH | OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request |
| CVE-2026-35641 | 7.8 HIGH | OpenClaw < 2026.3.24 - Arbitrary Code Execution via .npmrc in Local Plugin/Hook Installati |
| CVE-2026-35668 | 7.7 HIGH | OpenClaw < 2026.3.24 - Sandbox Media Root Bypass via Unnormalized mediaUrl and fileUrl Par |
| CVE-2026-35650 | 7.5 HIGH | OpenClaw < 2026.3.22 - Environment Variable Override Bypass via Inconsistent Sanitization |
| CVE-2026-35656 | 6.5 MEDIUM | OpenClaw < 2026.3.22 - XFF Loopback Spoofing Bypass in Canvas Authentication and Rate Limi |
| CVE-2026-35621 | 6.5 MEDIUM | OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence |
| CVE-2026-35649 | 6.5 MEDIUM | OpenClaw < 2026.3.22 - Settings Reconciliation Bypass via Empty Allowlist |
| CVE-2026-35652 | 6.5 MEDIUM | OpenClaw < 2026.3.22 - Unauthorized Action Execution via Callback Dispatch |
| CVE-2026-35657 | 6.5 MEDIUM | OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route |
| CVE-2026-35658 | 6.5 MEDIUM | OpenClaw < 2026.3.2 - Filesystem Boundary Bypass in Image Tool |
| CVE-2026-35667 | 6.1 MEDIUM | OpenClaw < 2026.3.24 - Improper Process Termination via Unpatched killProcessTree in shell |
| CVE-2026-35670 | 5.9 MEDIUM | OpenClaw < 2026.3.22 - Webhook Reply Rebinding via Username Resolution in Synology Chat |
| CVE-2026-35655 | 5.7 MEDIUM | OpenClaw < 2026.3.22 - Identity Spoofing via rawInput Tool in ACP Permission Resolution |
| CVE-2026-35620 | 5.4 MEDIUM | OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands |
| CVE-2026-35654 | 5.3 MEDIUM | OpenClaw < 2026.3.25 - Authorization Bypass in Microsoft Teams Feedback Invoke |
Showing top 20 of 29 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same product: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same vendor: OpenClaw
- CVE-2026-44118
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Tok - CVE-2026-44116
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo P - CVE-2026-44117
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot - CVE-2026-44115
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted He - CVE-2026-44114
OpenClaw < 2026.4.20 - Environment Variable Namespace Collis
Same weakness: CWE-150
- CVE-2026-41526
KCoreAddons 安全漏洞 - CVE-2026-6019
BaseCookie.js_output() does not neutralize embedded characte - CVE-2026-40505
MuPDF < 1.27 mutool ANSI Injection via Metadata - CVE-2026-26149
Microsoft Power Apps Desktop Client Spoofing Vulnerability - CVE-2026-3108
Terminal Escape Injection in mmctl Report Posts Command
V. Comments for CVE-2026-35651
No comments yet