OpenClaw ANSI Escape Sequence Injection Vulnerability in Approval Prompts

Vulnerability

An ANSI escape sequence injection vulnerability has been identified in OpenClaw versions from 2026.2.13 up to, but not including, 2026.3.25. The issue resides in the approval prompts of the ACP CLI, where untrusted tool metadata can carry ANSI control sequences. When such a value is rendered, the terminal interprets the sequences rather than printing them, which can manipulate the visible output and spoof the information shown in permission logs and approval prompts. The root cause is that the application did not sanitize tool titles before displaying or logging them.

Impact

Exploitation of this vulnerability allows ANSI escape sequence injection, which can spoof terminal output by controlling how information is displayed (for example by clearing or overwriting lines). This can misrepresent the contents of approval prompts and permission logs, creating an opportunity for social engineering or misinformation directed at the user who is reviewing the approval.

Reproduction

To reproduce this vulnerability, use a version of OpenClaw between 2026.2.13 and 2026.3.24. Introduce an untrusted tool title that contains ANSI control sequences into an approval prompt. The terminal interprets the injected sequences, altering the displayed output. This can be verified by inspecting the permission logs, which reflect the spoofed information.

Remediation

Users can upgrade to OpenClaw version 2026.3.25 or later, where this vulnerability has been patched.
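For readers who maintain their own CLI approval flows, the following added example (not OpenClaw's code, and not the project's actual patch) shows the class of fix the advisory describes: tool titles are treated as untrusted, whole escape sequences are stripped, any remaining control or bidi characters are made visible rather than interpretable, and the length is bounded. The function names `sanitizeToolTitle` and `containsTerminalControl` and the sample title are assumptions constructed for illustration.

```javascript
// Added example (not OpenClaw's own code): sanitize untrusted tool metadata
// before it is rendered in an approval prompt or written to a permission log.
// Names below are hypothetical; the spoofed sample title is constructed.

const CSI        = /\x1b\[[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]/;   // ESC [ params intermediates final
const OSC        = /\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)/;           // ESC ] ... BEL or ESC \ (titles, hyperlinks)
const STRING_CTL = /\x1b[PX^_][^\x1b]*\x1b\\/;                     // DCS / SOS / PM / APC ... ESC \
const ESC_2BYTE  = /\x1b[\x40-\x5f]/;                              // e.g. ESC c (full reset), ESC 7
const CSI_8BIT   = /\x9b[\x30-\x3f]*[\x20-\x2f]*[\x40-\x7e]/;      // C1 (8-bit) form of CSI, U+009B
const ANSI_SEQUENCE = new RegExp(
  [CSI, OSC, STRING_CTL, ESC_2BYTE, CSI_8BIT].map((r) => r.source).join('|'), 'g');

// Anything left that a terminal could still act on: C0/C1 controls (a lone ESC,
// CR/LF that could forge an extra log line, BEL) plus Unicode bidi and zero-width
// characters that reorder or hide text on screen.
const CONTROL_CHAR = /[\x00-\x1f\x7f-\x9f\u200b-\u200f\u202a-\u202e\u2066-\u2069]/;
const CONTROL_CHAR_ALL = new RegExp(CONTROL_CHAR.source, 'g');

// True if the raw value contains anything the sanitizer would alter. Log a warning
// on true so an attempted spoof is visible to the reviewer, not silently cleaned.
function containsTerminalControl(text) {
  return CONTROL_CHAR.test(String(text));
}

// Returns a value that is safe to print on a single line of a prompt or log.
function sanitizeToolTitle(title, maxLen = 80) {
  let out = String(title).replace(ANSI_SEQUENCE, '');       // drop complete escape sequences
  out = out.replace(CONTROL_CHAR_ALL, '\uFFFD');             // leftovers become a visible placeholder
  return out.length > maxLen ? out.slice(0, maxLen) + '\u2026' : out;  // bounded; cannot push text off screen
}

// Constructed sample: clears the current line, moves the cursor up one row, and
// prints a green fake approval line in place of what the user should have seen.
const SPOOFED = '\x1b[2K\x1b[1A\x1b[32m[approved] read_file\x1b[0m';
console.log(containsTerminalControl(SPOOFED));               // true
console.log(JSON.stringify(sanitizeToolTitle(SPOOFED)));     // "[approved] read_file"
```

The detection helper is worth keeping separate from the sanitizer: a title that needed cleaning is itself a signal worth recording in the permission log.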

Added: Apr 10, 2026, 6:29 PM
Updated: Apr 10, 2026, 6:29 PM

Vulnerability Rating

Custom Algorithm

spread          0.0
impact          0.6
exploitability  7.4
remediation     0.0
relevance       5.6
threat          4.8
urgency         2.9
incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.