CVE-2026-35651
ANSI Escape Sequence Injection in OpenClaw Approval Prompts Enables Spoofing
Publication date: 2026-04-10
Last updated on: 2026-04-13
Assigner: VulnCheck
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| openclaw | openclaw | From 2026.2.13 (inc) to 2026.3.25 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-150 | The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could be interpreted as escape, meta, or control character sequences when they are sent to a downstream component. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-35651 is an ANSI escape sequence injection vulnerability found in OpenClaw versions 2026.2.13 through 2026.3.24. It occurs in the approval prompt feature where untrusted tool metadata, specifically tool titles, can include malicious ANSI control sequences. These sequences are injected into approval prompts and permission logs, allowing attackers to spoof or manipulate terminal output. This means attackers can alter what users see in terminal prompts or logs by injecting control characters that change the display.
How can this vulnerability impact me?
This vulnerability can impact you by allowing attackers to manipulate the terminal output during approval prompts and permission logs. Specifically, attackers can inject ANSI escape sequences that spoof or alter displayed information, potentially misleading users during permission approval processes. This could cause users to approve malicious actions or overlook important security warnings because the displayed information has been tampered with. The impact is primarily on the integrity of displayed information, with no direct confidentiality or availability impact.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves ANSI escape sequence injection in approval prompts caused by untrusted tool metadata carrying malicious ANSI control sequences. Detection involves monitoring terminal outputs and permission logs for suspicious or unexpected ANSI escape sequences that could manipulate displayed information.
Since the issue is related to injected ANSI control sequences in tool titles, you can inspect approval prompts and permission logs for unusual escape sequences or spoofed terminal output.
Commands to detect suspicious ANSI escape sequences could include searching logs or terminal outputs for escape characters such as \u001b (ESC) or sequences starting with ESC followed by '[' (CSI sequences). For example, using grep to find escape sequences in logs:
- grep -P '\x1b\[' /path/to/approval_prompts.log
- grep -P '\x1b' /path/to/permission_logs.log
Additionally, monitoring for unexpected or malformed tool titles in approval prompts can help identify attempts to exploit this vulnerability.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade OpenClaw to version 2026.3.25 or later, where the vulnerability has been fixed by sanitizing tool titles to strip or escape ANSI escape sequences and other control characters.
This update includes sanitization of terminal tool titles in approval prompts and permission logs, preventing injection of malicious escape codes that could spoof terminal output.
Until the update is applied, avoid using untrusted or suspicious tool metadata that could contain ANSI control sequences, and monitor terminal outputs and logs for suspicious escape sequences.
If upgrading immediately is not possible, consider implementing additional input sanitization or filtering on tool metadata before it is used in approval prompts or logs.
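One way to implement the interim filtering of tool metadata described above, as an added example that is not OpenClaw's own code or its actual fix. The function names `sanitizeToolTitle` and `renderApprovalPrompt`, the prompt wording, and the sample titles are assumptions constructed for illustration.

```javascript
// Added example: neutralize terminal control sequences in untrusted tool
// titles before they reach an approval prompt or a permission log.
// Function names and sample data are hypothetical, not OpenClaw's own code.

// Escape sequences, tried in this order at each position:
//   OSC: ESC ] ... ended by BEL or ESC \ (an unterminated one is cut to the
//        next ESC or end of string, as a terminal would swallow it)
//   CSI: ESC [ or the single C1 byte 0x9b, then parameter, intermediate and
//        final bytes (colors, cursor movement, line erase)
//   any other ESC + intermediates + final byte
const ESC_SEQUENCES =
  /\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)?|(?:\x1b\[|\x9b)[0-?]*[ -\/]*[@-~]|\x1b[ -\/]*[0-~]/g;

// Whatever is left: C0 controls (lone ESC, CR, BS, LF, ...), DEL, C1 controls.
const CONTROL_CHARS = /[\x00-\x1f\x7f-\x9f]/g;

function sanitizeToolTitle(title, maxLength = 120) {
  const raw = String(title);
  const text = raw
    .replace(ESC_SEQUENCES, "")
    .replace(CONTROL_CHARS, " ")
    .replace(/ {2,}/g, " ")
    .trim()
    .slice(0, maxLength);
  // search() always scans from index 0, so reusing the global regex is safe.
  const hadControls = raw.search(CONTROL_CHARS) !== -1;
  return { text, hadControls };
}

function renderApprovalPrompt(toolTitle) {
  const { text, hadControls } = sanitizeToolTitle(toolTitle);
  // Surface the tampering instead of hiding it, so the reviewer can refuse.
  const note = hadControls ? " [control characters removed]" : "";
  return `Allow tool "${text}"?${note} [y/N]`;
}

// Constructed sample titles (not taken from any real log).
const samples = [
  "git status",
  "\x1b[2K\rlist_files \x1b[32m(safe)\x1b[0m",
  "\x1b]0;fake title\x07deploy",
];
for (const s of samples) console.log(renderApprovalPrompt(s));
```

The same `sanitizeToolTitle` result should be what is written to the permission log, so that later review of the log in a terminal shows the cleaned title and the `hadControls` flag.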