Command Execution Vulnerability in OpenClaude by Gitlawb
CVE-2026-42074

9.3 CRITICAL

Key Information:

Vendor: Gitlawb
CVE Published: 2 June 2026

What is CVE-2026-42074?

Before version 0.5.1, OpenClaude exposed the dangerouslyDisableSandbox parameter in the BashTool input schema. Because the parameter was part of the schema, an untrusted entity could set its value. Combined with the default setting that allows unsandboxed commands, this created a high risk of full host-level code execution through prompt injection. The issue is fixed in version 0.5.1, and it is critical that users upgrade to that version to safeguard their systems.
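The pattern described above, next to a hardened form, as an added example that is not OpenClaude's code or its 0.5.1 fix. Only BashTool and dangerouslyDisableSandbox come from the advisory; every other name (the field list, the policy object, the function names) is a hypothetical chosen for illustration.

```javascript
// Hypothetical gate in front of a Bash-style tool. Not OpenClaude code.

// Fields the model is allowed to supply for a tool call (assumed list).
const MODEL_FACING_FIELDS = ["command", "timeout", "description"];

// Operator-side policy, loaded from local config, never from model output.
const DEFAULT_POLICY = Object.freeze({ allowUnsandboxedCommands: false });

// Pattern from the advisory: the sandbox switch lives in the tool input
// schema, so the model (and anything that can inject into its prompt)
// controls it, and the default policy permits unsandboxed commands.
function decideSandboxVulnerable(toolInput, policy = { allowUnsandboxedCommands: true }) {
  const wantsOff = toolInput.dangerouslyDisableSandbox === true;
  return { sandboxed: !(wantsOff && policy.allowUnsandboxedCommands) };
}

// Hardened form: the sandbox decision uses only operator-controlled values.
// Anything outside the allowlist is dropped and reported for audit logging.
function decideSandboxHardened(toolInput, policy = DEFAULT_POLICY, operatorOverride = false) {
  const rejected = Object.keys(toolInput).filter(
    (key) => !MODEL_FACING_FIELDS.includes(key)
  );
  const args = {};
  for (const key of MODEL_FACING_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(toolInput, key)) {
      args[key] = toolInput[key];
    }
  }
  // Both the operator's per-call override and the policy must agree
  // before the sandbox is lifted; the default is always sandboxed.
  const sandboxed = !(operatorOverride === true && policy.allowUnsandboxedCommands === true);
  return { sandboxed, rejected, args };
}

// Constructed tool call, shaped like one a prompt-injected model turn could emit.
const injectedCall = { command: "echo hello", dangerouslyDisableSandbox: true };

function demo() {
  return {
    vulnerable: decideSandboxVulnerable(injectedCall),
    hardened: decideSandboxHardened(injectedCall),
  };
}
```

A non-empty `rejected` list is worth logging: a model turn that tries to set a sandbox switch is a useful prompt-injection signal.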

Affected Version(s)

openclaude < 0.5.1

CVSS V4

Score: 9.3
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
