Description
OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope validation, bypassing intended access control restrictions.
Published: 2026-04-10
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Access Control Bypass
Action: Patch
AI Analysis

Impact

OpenClaw versions that precede 2026.3.22 contain a flaw in the send action that fails to enforce the controlScope parameter, enabling leaf subagents to send messages to child sessions that lie outside their authorized scope. This bypass of the intended access control boundaries allows an attacker who can influence a subagent to communicate with sessions they should not be able to reach.

Affected Systems

The vulnerability affects the OpenClaw OpenClaw application in all releases prior to 2026.3.22. Any installation that has not been updated to at least version 2026.3.22 remains vulnerable.

Risk and Exploitability

The assigned CVSS score is 5.3, indicating a medium severity rating. No publicly disclosed exploit exists and the vulnerability is not listed in the CISA KEV catalog. While the input does not specify the exact attack vector, it can be inferred that an adversary would need the ability to trigger the send action from within the application—typically by controlling a subordinate agent or injecting a malicious subagent—to exploit the missing controlScope enforcement.

Generated by OpenCVE AI on April 10, 2026 at 18:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.3.22 or later

Generated by OpenCVE AI on April 10, 2026 at 18:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Github GHSA Github GHSA GHSA-x2cm-hg9c-mf5w OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
History

Fri, 10 Apr 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 10 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
Description OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope validation, bypassing intended access control restrictions.
Title OpenClaw < 2026.3.22 - Missing controlScope Enforcement in Send Action
First Time appeared Openclaw
Openclaw openclaw
Weaknesses CWE-862
CPEs cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products Openclaw
Openclaw openclaw
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N'}

Subscriptions

Openclaw Openclaw
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-04-10T18:24:24.250Z

Reserved: 2026-04-04T12:31:57.498Z

Link: CVE-2026-35662

cve-icon Vulnrichment

Updated: 2026-04-10T18:24:16.349Z

cve-icon NVD

Status : Analyzed

Published: 2026-04-10T17:17:07.867

Modified: 2026-04-13T20:32:22.277

Link: CVE-2026-35662

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-13T13:00:41Z

Weaknesses