3 matches found
CVE-2026-35636
OpenClaw 2026.3.11–2026.3.24 contains a session isolation bypass where session_status resolves sessionId to canonical session keys before visibility checks, allowing sandboxed child sessions to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions. The descr...
CVE-2026-35636 OpenClaw 2026.3.11 < 2026.3.25 - Session Isolation Bypass via sessionId Resolution
OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where sessionstatus resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked...
GHSA-Q2QC-744P-66R2 OpenClaw: `session_status` sessionId resolution bypasses sandboxed session-tree visibility
Summary sessionstatus sessionId resolution bypasses sandboxed session-tree visibility Affected Packages / Versions - Package: openclaw - Affected versions: = 2026.3.11, = 2026.3.24 - First patched version: 2026.3.25 - Latest published npm version at verification time: 2026.3.24 Details...