4 matches found
GHSA-HH43-Q692-2XMQ Duplicate Advisory: `OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-wcxr-59v9-rxr8. This link is maintained to preserve external references. Original Description OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows...
EUVD-2026-16999
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...
CVE-2026-32918 OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...
CVE-2026-32918
OpenClaw is affected by a session sandbox escape in the session_status tool (CVE-2026-32918). The vulnerability allows sandboxed subagents to access parent or sibling session state by supplying arbitrary sessionKey values, enabling reading or modification of session data outside the sandbox, incl...