{"data":{"id":"6df38fcf-ce8a-49f5-a01d-a9408c489f63","title":"GHSA-m77w-p5jj-xmhg: OpenClaude Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input","summary":"OpenClaude's BashTool exposes a `dangerouslyDisableSandbox` parameter that an LLM can control, allowing it to bypass the sandbox (a restricted execution environment) and run arbitrary commands on the host system. The vulnerability exists because this security-critical flag defaults to allowing unsandboxed commands, contradicting the project's own threat model, which states the LLM should not be trusted.","solution":"N/A -- no mitigation discussed in source. This record lists 0.5.1 as the fixed version (patchAvailable: true), so upgrading to openclaude 0.5.1 or later is the available remediation.","labels":["security"],"sourceUrl":"https://github.com/advisories/GHSA-m77w-p5jj-xmhg","publishedAt":"2026-05-12T16:17:59.000Z","cveId":"CVE-2026-42074","cweIds":null,"cvssScore":null,"cvssSeverity":"critical","severity":"critical","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":["openclaude@< 0.5.1 (fixed: 0.5.1)"],"affectedVendors":[],"affectedVendorsRaw":["OpenClaude"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":true,"disclosureDate":"2026-05-12T16:17:59.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}