{"data":{"id":"ddb2d7f3-30c1-4ef6-812d-4d12a9d52647","title":"CVE-2026-35651: OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompt","summary":"OpenClaw versions 2026.2.13 through 2026.3.24 have an ANSI escape sequence injection vulnerability (a bug where attackers can sneak special terminal control codes into the system) in approval prompts that allows attackers to trick the terminal display by manipulating tool metadata. This means an attacker could use malicious tool names containing these control sequences to make false information appear in approval prompts and permission logs.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-35651","publishedAt":"2026-04-10T17:17:05.803Z","cveId":"CVE-2026-35651","cweIds":["CWE-150"],"cvssScore":"4.3","cvssSeverity":"medium","severity":"medium","attackType":["prompt_injection"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["OpenClaw"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-04-10T17:17:05.803Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":["AML.T0051"]}}