OpenClaude: Sandbox Bypass via Early-Exit Logic Flaw Allows Path Traversal
- Severity:
- High
Description
A logic flaw exists in bashToolHasPermission() inside src/tools/BashTool/bashPermissions.ts. When the sandbox auto-allow feature is active and no explicit deny rule is configured, the function returns an allow result immediately — before the path constraint filter (checkPathConstraints) is ever evaluated.
Recommendation
Update the @gitlawb/openclaude package to the latest compatible version. Followings are version details:
- Affected version(s): < 0.5.1
- Patched version(s): 0.5.1
References
Related Issues
- IPX Allows Path Traversal via Prefix Matching Bypass - CVE-2025-54387
- OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS - CVE-2026-42073
- i18next-http-middleware: Prototype pollution and path traversal via user-controlled language and namespace parameters - CVE-2026-41690
- @mobilenext/mobile-mcp alllows arbitrary file write via Path Traversal in mobile screen capture tools - CVE-2026-33989
You might also like:
- Tags:
- npm
- @gitlawb/openclaude
Anything's wrong? Let us know Last updated on April 21, 2026


