CVE-2026-35570 is a high-severity vulnerability in Gitlawb's OpenClaude, an open-source coding-agent command line interface that works with cloud and local model providers. The flaw is a logic error in `bashToolHasPermission()` in `src/tools/BashTool/bashPermissions.ts`: when the sandbox auto-allow feature is enabled and no explicit deny rule matches, the function returns an `allow` result early, before the path constraint checks that are supposed to confine commands to the working directory ever run. A command carrying a traversal sequence such as `../../../../../etc/passwd` therefore passes, letting an attacker escape the directory restriction and read or modify files outside it.
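The following TypeScript sketch, added here as an illustration and not taken from the OpenClaude code base, shows the vulnerable check ordering next to a hardened one. The `PermissionContext` type, the substring-based `denyPatterns` rule, the `extractPaths` tokenizer and the `isInsideCwd` helper are all constructed for the example; the real `bashToolHasPermission()` has a different signature and rule model, and only the ordering bug is what it shares with the text above.

```typescript
import * as path from "path";

// Constructed stand-ins for the tool's own types (illustration, not OpenClaude's code).
type PermissionResult = { behavior: "allow" | "deny" | "ask"; reason: string };

interface PermissionContext {
  cwd: string;               // directory the agent is supposed to be confined to
  sandboxAutoAllow: boolean; // the auto-allow feature toggle
  denyPatterns: string[];    // explicit deny rules, matched as substrings here
}

// Very simple tokenizer: every non-flag argument after the program name is treated as a
// candidate path. Real tools parse quoting, redirections and pipes; this is enough to
// demonstrate the ordering problem.
function extractPaths(command: string): string[] {
  return command
    .trim()
    .split(/\s+/)
    .slice(1)
    .filter((tok) => tok.length > 0 && !tok.startsWith("-"));
}

// Resolve p against cwd and confirm the result stays inside cwd. Uses path.relative so that
// "..", "../x" and absolute paths are all rejected, while a file literally named "..foo" is
// not misclassified.
function isInsideCwd(cwd: string, p: string): boolean {
  const root = path.resolve(cwd);
  const rel = path.relative(root, path.resolve(root, p));
  if (rel === "") return true;
  if (path.isAbsolute(rel)) return false;
  return rel !== ".." && !rel.startsWith(".." + path.sep);
}

function matchesDenyRule(command: string, ctx: PermissionContext): boolean {
  return ctx.denyPatterns.some((pat) => command.includes(pat));
}

// Vulnerable ordering: with auto-allow on and no deny rule hit, "allow" is returned before
// the path constraint loop, so a traversal sequence is never examined.
function vulnerableCheck(command: string, ctx: PermissionContext): PermissionResult {
  if (matchesDenyRule(command, ctx)) {
    return { behavior: "deny", reason: "matched explicit deny rule" };
  }
  if (ctx.sandboxAutoAllow) {
    return { behavior: "allow", reason: "sandbox auto-allow" }; // BUG: path checks skipped
  }
  for (const p of extractPaths(command)) {
    if (!isInsideCwd(ctx.cwd, p)) {
      return { behavior: "deny", reason: `path escapes cwd: ${p}` };
    }
  }
  return { behavior: "ask", reason: "paths within cwd" };
}

// Hardened ordering: deny rules and path constraints are evaluated unconditionally first;
// auto-allow only decides between "allow" and "ask" for commands that already passed them.
function hardenedCheck(command: string, ctx: PermissionContext): PermissionResult {
  if (matchesDenyRule(command, ctx)) {
    return { behavior: "deny", reason: "matched explicit deny rule" };
  }
  for (const p of extractPaths(command)) {
    if (!isInsideCwd(ctx.cwd, p)) {
      return { behavior: "deny", reason: `path escapes cwd: ${p}` };
    }
  }
  return {
    behavior: ctx.sandboxAutoAllow ? "allow" : "ask",
    reason: ctx.sandboxAutoAllow ? "sandbox auto-allow, paths within cwd" : "paths within cwd",
  };
}

// Constructed context mirroring the trigger condition from the advisory text.
const demoCtx: PermissionContext = {
  cwd: "/home/agent/project",
  sandboxAutoAllow: true,
  denyPatterns: ["rm -rf"],
};
const traversal = "cat ../../../../../etc/passwd";
console.log("vulnerable:", vulnerableCheck(traversal, demoCtx));
console.log("hardened:  ", hardenedCheck(traversal, demoCtx));
```

The point to take from the two functions is not the path arithmetic but the control flow: any "fast path" that returns `allow` must sit after every constraint that is meant to be unconditional. Note also that `isInsideCwd` reasons about strings only; if the sandbox directory can contain symlinks, a real implementation should additionally resolve them (for example with `fs.realpathSync`) before comparing.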
The vulnerability carries a CVSS score of 8.4, a high severity rating. As summarized in the record, the attack vector is local, attack complexity is low, and low privileges are required, with high impact to confidentiality and integrity. Note that those metrics alone do not reproduce 8.4 under CVSS v3.1 (AV:L/AC:L/PR:L/UI:N with C:H/I:H scores 7.1, or 7.8 if availability is also high), so confirm the exact vector string against the official record before using it for prioritization. A local vector here means the offending command is executed through the agent's own bash tool on the user's machine, so whatever steers the agent's choice of commands is the practical entry point. Organizations running OpenClaude should treat this as requiring prompt action.
The vulnerability was published on April 21, 2026, and is classified under CWE-22 (improper limitation of a pathname to a restricted directory, that is, path traversal) and CWE-284 (improper access control). OpenClaude version 0.5.1 contains the fix, so organizations should upgrade to 0.5.1 or later.
No exploitation in the wild has been reported as of this writing, but a proof of concept has been published on GitHub, which lowers the bar for attackers and raises the urgency of remediation. Organizations should patch immediately. Where upgrading is delayed, the trigger condition described above points to two interim mitigations: disable the sandbox auto-allow feature, or add explicit deny rules covering the commands that would otherwise be auto-allowed. These are inferred from the description of the flaw rather than taken from a vendor advisory, so verify them against the project's own guidance.
To learn more about vulnerability management, organizations can refer to resources such as the vulnerability management program design guide.
In summary, CVE-2026-35570 poses a significant risk to organizations using Gitlawb's OpenClaude. Immediate patching is essential to prevent potential exploitation.
For further information on penetration testing and security assessments, organizations can explore our services, including penetration testing options.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.