OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal

Severity:: High

Description

A logic flaw exists in bashToolHasPermission() inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is configured, the function returns an allow result immediately — before the path constraint filter (checkPathConstraints) is ever evaluated.

Recommendation

Update the @gitlawb/openclaude package to the latest compatible version. Followings are version details:

Affected version(s): < 0.5.1
Patched version(s): 0.5.1

References

GHSA-m6rx-7pvw-2f73
CVE-2026-35570
CWE-22
CWE-284
CAPEC-310
OWASP 2021-A1
OWASP 2021-A6

Related Issues

IPX Allows Path Traversal via Prefix Matching Bypass - CVE-2025-54387
OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS - CVE-2026-42073
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` - lodash-amd - CVE-2026-2950
lodash vulnerable to Prototype Pollution via array path bypass in `_.unset` and `_.omit` - lodash-es - CVE-2026-2950

Apache and Express Path Traversal plus Nginx Restriction Bypass Tests with SmartScanner

10 Secure Coding Best Practices to Follow in Every Project

Update Cheat Sheet for Developers

Tags:: npm; @gitlawb/openclaude

Anything's wrong? Let us know Last updated on April 21, 2026