Ghostwire

CVE-2026-35651: OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval...

MEDIUM CVSS 5.5 EPSS 0.03%

Published: April 10, 2026 | Last Modified: April 10, 2026

Description

OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles.

Ghostwire Analysis — What This Means Practically

Exploitation Probability (EPSS): Low — 0.03% (8th percentile)

Low exploitation probability based on current threat landscape data. Standard patching timeline is appropriate.

Medium CVSS score indicates moderate risk — exploitation requires specific conditions or results in limited impact.

This analysis is generated by Ghostwire from NVD, CISA KEV, EPSS, and open-source intelligence data. Verify findings through primary sources before acting.

CVE-2026-35651: OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval...

Description

Ghostwire Analysis — What This Means Practically

Security Coverage (1 articles)

References