42 matches found
CVE-2026-32918
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...
CVE-2026-32915
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...
CVE-2026-32918 OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...
CVE-2026-32918
OpenClaw is affected by a session sandbox escape in the session_status tool (CVE-2026-32918). The vulnerability allows sandboxed subagents to access parent or sibling session state by supplying arbitrary sessionKey values, enabling reading or modification of session data outside the sandbox, incl...
CVE-2026-32918 OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the sessionstatus tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including...
CVE-2026-32915
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...
CVE-2026-32915
OpenClaw contains a sandbox boundary bypass vulnerability affecting versions before 2026.3.11. A low‑privilege, sandboxed leaf subagent can access the subagent control surface and resolve against the parent requester scope instead of its own session tree, enabling steering or killing of sibling r...
CVE-2026-32915 OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface
OpenClaw before 2026.3.11 contains a sandbox boundary bypass vulnerability allowing leaf subagents to access the subagents control surface and resolve against parent requester scope instead of their own session tree. A low-privilege sandboxed leaf worker can steer or kill sibling runs and cause...
PT-2026-28447
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description OpenClaw before version 2026.3.11 contains a sandbox boundary bypass issue. This allows leaf subagents to access the subagents control surface and resolve against a parent requester scope instea...
PT-2026-28448
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11 Description The software contains a session sandbox escape issue within the session status tool. This allows sandboxed subagents to access session state belonging to parent or sibling sessions. An attacker...
pentest-ai
pentest-ai Turn Claude Code into your offensive security re...
GHSA-X2CM-HG9C-MF5W OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Summary Leaf subagents could still use the send action to message controlled child sessions even when their controlScope was narrower than children. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
OpenClaw leaf subagents can bypass controlScope restrictions to send messages to child sessions
Summary Leaf subagents could still use the send action to message controlled child sessions even when their controlScope was narrower than children. Affected Packages / Versions - Package: openclaw npm - Affected: = 2026.3.22 - Latest released tag checked: v2026.3.23-2...
GHSA-WCXR-59V9-RXR8 `OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
Summary The built-in sessionstatus tool did not enforce the intended session-visibility boundary. A sandboxed subagent could supply another session's sessionKey and inspect or modify state outside its own sandbox scope. Impact This allowed a sandboxed child session to read parent or sibling sessi...
`OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
Summary The built-in sessionstatus tool did not enforce the intended session-visibility boundary. A sandboxed subagent could supply another session's sessionKey and inspect or modify state outside its own sandbox scope. Impact This allowed a sandboxed child session to read parent or sibling sessi...
GHSA-4W7M-58CG-CMFF OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
Summary In affected versions of openclaw, sandboxed leaf subagents could still access the subagents control surface and resolve against the parent requester scope instead of remaining confined to their own session tree. Impact A low-privilege sandboxed leaf worker could steer or kill a sibling ru...
OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries
Summary In affected versions of openclaw, sandboxed leaf subagents could still access the subagents control surface and resolve against the parent requester scope instead of remaining confined to their own session tree. Impact A low-privilege sandboxed leaf worker could steer or kill a sibling ru...
Authorization Bypass Through User-Controlled Key
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through improper authorization in the subagents control. An attacker can gain unauthorized access to sibling session controls by issuing...
PT-2026-29226
Name of the Vulnerable Software and Affected Versions OpenClaw versions 2026.3.7 through 2026.3.10 Description The software contains an authorization bypass issue where plugin subagent routes execute gateway methods using a synthetic operator client with extensive administrative permissions...
Spring AI Agentic Patterns (Part 4): Subagent Orchestration
Instead of one generalist agent doing everything, delegate to specialized agents. This keeps context windows focused—preventing the clutter that degrades performance. Task tool, part of the spring-ai-agent-utils toolkit, is a portable, model-agnostic Spring AI implementation inspired by Claude...