Vulnerability Details CVE-2026-35651
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 10.3%
CVSS Severity
CVSS v3 Score 4.3
References
Products affected by CVE-2026-35651
-
cpe:2.3:a:openclaw:openclaw:2026.2.13
-
cpe:2.3:a:openclaw:openclaw:2026.2.14
-
cpe:2.3:a:openclaw:openclaw:2026.2.15
-
cpe:2.3:a:openclaw:openclaw:2026.2.17
-
cpe:2.3:a:openclaw:openclaw:2026.2.17.2
-
cpe:2.3:a:openclaw:openclaw:2026.2.19
-
cpe:2.3:a:openclaw:openclaw:2026.2.19-1
-
cpe:2.3:a:openclaw:openclaw:2026.2.19-2
-
cpe:2.3:a:openclaw:openclaw:2026.2.21
-
cpe:2.3:a:openclaw:openclaw:2026.2.21-1
-
cpe:2.3:a:openclaw:openclaw:2026.2.21-2
-
cpe:2.3:a:openclaw:openclaw:2026.2.22
-
cpe:2.3:a:openclaw:openclaw:2026.2.22-1
-
cpe:2.3:a:openclaw:openclaw:2026.2.22-2
-
cpe:2.3:a:openclaw:openclaw:2026.2.23
-
cpe:2.3:a:openclaw:openclaw:2026.2.24
-
cpe:2.3:a:openclaw:openclaw:2026.2.25
-
cpe:2.3:a:openclaw:openclaw:2026.2.26
-
cpe:2.3:a:openclaw:openclaw:2026.2.61
-
cpe:2.3:a:openclaw:openclaw:2026.2.62
-
cpe:2.3:a:openclaw:openclaw:2026.2.63
-
cpe:2.3:a:openclaw:openclaw:2026.3.1
-
cpe:2.3:a:openclaw:openclaw:2026.3.11
-
cpe:2.3:a:openclaw:openclaw:2026.3.12
-
cpe:2.3:a:openclaw:openclaw:2026.3.13
-
cpe:2.3:a:openclaw:openclaw:2026.3.2
-
cpe:2.3:a:openclaw:openclaw:2026.3.22
-
cpe:2.3:a:openclaw:openclaw:2026.3.23
-
cpe:2.3:a:openclaw:openclaw:2026.3.23-2
-
cpe:2.3:a:openclaw:openclaw:2026.3.24
-
cpe:2.3:a:openclaw:openclaw:2026.3.7
-
cpe:2.3:a:openclaw:openclaw:2026.3.8