Executive Summary

CVE-2026-35651 is an ANSI escape sequence injection vulnerability found in OpenClaw versions 2026.2.13 through 2026.3.24. It occurs in the approval prompt feature where untrusted tool metadata, specifically tool titles, can include malicious ANSI control sequences. These sequences are injected into approval prompts and permission logs, allowing attackers to spoof or manipulate terminal output. This means attackers can alter what users see in terminal prompts or logs by injecting control characters that change the display.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can impact you by allowing attackers to manipulate the terminal output during approval prompts and permission logs. Specifically, attackers can inject ANSI escape sequences that spoof or alter displayed information, potentially misleading users during permission approval processes. This could cause users to approve malicious actions or overlook important security warnings because the displayed information has been tampered with. The impact is primarily on the integrity of displayed information, with no direct confidentiality or availability impact.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability involves ANSI escape sequence injection in approval prompts caused by untrusted tool metadata carrying malicious ANSI control sequences. Detection involves monitoring terminal outputs and permission logs for suspicious or unexpected ANSI escape sequences that could manipulate displayed information.

Since the issue is related to injected ANSI control sequences in tool titles, you can inspect approval prompts and permission logs for unusual escape sequences or spoofed terminal output.

Commands to detect suspicious ANSI escape sequences could include searching logs or terminal outputs for escape characters such as \u001b (ESC) or sequences starting with ESC followed by '[' (CSI sequences). For example, using grep to find escape sequences in logs:

• grep -P '\x1b\[' /path/to/approval_prompts.log
• grep -P '\x1b' /path/to/permission_logs.log

Additionally, monitoring for unexpected or malformed tool titles in approval prompts can help identify attempts to exploit this vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.3.25 or later, where the vulnerability has been fixed by sanitizing tool titles to strip or escape ANSI escape sequences and other control characters.

This update includes sanitization of terminal tool titles in approval prompts and permission logs, preventing injection of malicious escape codes that could spoof terminal output.

Until the update is applied, avoid using untrusted or suspicious tool metadata that could contain ANSI control sequences, and monitor terminal outputs and logs for suspicious escape sequences.

If upgrading immediately is not possible, consider implementing additional input sanitization or filtering on tool metadata before it is used in approval prompts or logs.

Useful 0 Not Useful 0

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Useful 0 Not Useful 0