Description
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.
Published: 2026-03-29
Score: 9.2 Critical
EPSS: n/a
KEV: No
Impact: Unauthorized Data Manipulation
Action: Patch Now
AI Analysis

Impact

OpenClaw versions before 2026.3.11 have a flaw in the session_status tool that lets a sandboxed subagent provide an arbitrary sessionKey and read or modify data that belongs to another session. This bypasses the intended sandbox boundary and can change persisted model overrides. The weakness is a failure to enforce proper access control for session data (CWE‑863).

Affected Systems

All installations of OpenClaw built on Node.js that use the session_status tool and are running a version older than 2026.3.11 are affected. Versions 2026.3.11 and newer are not impacted.

Risk and Exploitability

This vulnerability has a CVSS score of 9.2, classifying it as critical. The EPSS score is not available, and it is not listed in the CISA KEV catalog. The attack vector is likely local on systems where an attacker can execute the session_status tool, but if the tool is exposed over a network interface remote exploitation is possible. Successful use of arbitrary session keys can lead to unauthorized data access or modification, compromising confidentiality and integrity of session state.

Generated by OpenCVE AI on March 29, 2026 at 15:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.11 or newer.
  • If an update cannot be applied immediately, restrict or disable access to the session_status tool to prevent unauthorized usage.
  • Verify the upgrade by checking the application version or running a non‑invasive test command.
  • Audit existing session data and persisted model overrides for unauthorized changes.
  • Monitor system logs for abnormal invocation of the session_status tool or suspicious session activity.

Generated by OpenCVE AI on March 29, 2026 at 15:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 29 Mar 2026 13:15:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.
Title OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-863
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N'}

cvssV4_0

{'score': 9.2, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-29T12:44:21.433Z

Reserved: 2026-03-16T21:19:31.965Z

Link: CVE-2026-32918

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-29T13:17:00.173

Modified: 2026-03-29T13:17:00.173

Link: CVE-2026-32918

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-29T20:31:35Z

Weaknesses