5 matches found
CVE-2026-41371
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin sco...
PT-2026-35559
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.28 Description Improper authorization checks in the 'chat.send' path allow write-scoped gateway callers to perform admin-only session reset operations. This enables attackers to rotate target sessions, archive...
CVE-2026-41344
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or...
CVE-2026-41344
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or...
CVE-2026-41344 OpenClaw < 2026.3.28 - Privilege Escalation via chat.send /verbose Parameter
OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped gateway callers to persist admin-only verboseLevel session overrides. Attackers can exploit the /verbose parameter to bypass access controls and expose sensitive reasoning or...