Description
OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles.
Published: 2026-04-10
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Spoofed Terminal Output
Action: Apply Patch
AI Analysis

Impact

The flaw allows ANSI escape sequences to be injected into OpenClaw’s approval prompts and permission logs. When an attacker supplies or alters tool metadata that contains malicious control characters, the terminal output can be manipulated. This can mislead users, obscuring the true state of permissions or disguising malicious actions. The underlying weakness lies in the incorrect validation of control characters (CWE‑150).

Affected Systems

OpenClaw versions 2026.2.13 through 2026.3.24 are affected. The product runs on Node.js and is identified by the CPE string cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* . Any deployment using these releases is susceptible unless the tool metadata is trusted or sanitized.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate risk. No EPSS data is available, and the vulnerability is not listed in the CISA KEV catalog. The likely attack vector is an adversary who can influence tool metadata – for example, through a compromised package or an exploited import – thereby injecting ANSI escape sequences. The effect is loss of trust in terminal displays and logs, potentially leading to user deception or unintended approval of operations.

Generated by OpenCVE AI on April 10, 2026 at 17:52 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to 2026.3.25 or later to eliminate the flaw.
  • Sanitize or strip ANSI escape sequences from any tool metadata before it is passed to OpenClaw.
  • Restrict or disable approval prompts when handling untrusted tool metadata until the fix is applied.
  • Monitor terminal output and approval logs for unexpected control sequences as an additional check.

Generated by OpenCVE AI on April 10, 2026 at 17:52 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-4hmj-39m8-jwc7 OpenClaw has ACP CLI approval prompt ANSI escape sequence injection
History

Tue, 14 Apr 2026 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles.
Title OpenClaw 2026.2.13 < 2026.3.25 - ANSI Escape Sequence Injection in Approval Prompt
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-150
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-14T14:29:29.531Z

Reserved: 2026-04-04T12:31:23.534Z

Link: CVE-2026-35651

cve-icon Vulnrichment

Updated: 2026-04-14T14:29:24.897Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T17:17:05.803

Modified: 2026-04-13T21:05:33.843

Link: CVE-2026-35651

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T13:00:53Z

Weaknesses