DEV Community

CVE Reports

Posted on • Originally published at cvereports.com

GHSA-Q2QC-744P-66R2: OpenClaw session_status Sandbox Bypass via sessionId Resolution

Vulnerability ID: GHSA-Q2QC-744P-66R2
CVSS Score: 6.5
Published: 2026-03-29

The OpenClaw AI personal assistant framework contains an authorization bypass in the session_status tool. A logic flaw in input resolution allows sandboxed subagents to query the status of parent or sibling sessions, circumventing intended visibility restrictions.

TL;DR

OpenClaw versions 2026.3.11 through 2026.3.24 fail to properly apply visibility guards when resolving sessionId aliases in the session_status tool, leading to sandbox escapes and unauthorized metadata disclosure.

⚠️ Exploit Status: POC

Technical Details

  • CWE IDs: CWE-285, CWE-639
  • Attack Vector: Local / Sandboxed Environment
  • Impact: Unauthorized Information Disclosure
  • Exploit Status: Proof of Concept Available
  • CVSS Score: 6.5
  • Fix Commit: d9810811b6c3c9266d7580f00574e5e02f7663de

Affected Systems

  • OpenClaw Framework
  • OpenClaw session_status tool
  • openclaw: >= 2026.3.11, <= 2026.3.24 (Fixed in: 2026.3.25)

Code Analysis

Commit: d981081

Fix session_status visibility guard bypass during sessionId resolution
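The commit title above describes the bug class: the visibility guard was evaluated during sessionId resolution rather than on the resolved target, so an alias could reach a session the caller should not see. The following model is an added illustration, not OpenClaw's code; the session store, the "self"/"parent" alias formats and the visibility rule (a sandboxed session sees only itself and its descendants) are assumptions chosen to show the guard-ordering defect beside its fix.

```javascript
// Hypothetical session store: each session records its parent and whether it
// runs sandboxed. Data is constructed for the example.
const sessions = new Map([
  ["sess-parent",  { parentId: null,          sandboxed: false, status: "running" }],
  ["sess-child-a", { parentId: "sess-parent", sandboxed: true,  status: "running" }],
  ["sess-child-b", { parentId: "sess-parent", sandboxed: true,  status: "idle" }],
]);

// Assumed visibility rule: non-sandboxed sessions see everything; a sandboxed
// session sees only itself and sessions that descend from it.
function isVisible(requesterId, targetId) {
  const requester = sessions.get(requesterId);
  if (!requester || !sessions.has(targetId)) return false;
  if (!requester.sandboxed) return true;
  for (let cur = targetId; cur !== null; cur = sessions.get(cur).parentId) {
    if (cur === requesterId) return true;
  }
  return false;
}

// Assumed alias formats: "self", "parent", or a literal session id.
function resolveSessionId(requesterId, sessionId) {
  if (sessionId === "self") return requesterId;
  if (sessionId === "parent") return sessions.get(requesterId)?.parentId ?? null;
  return sessionId;
}

// Vulnerable ordering: the guard inspects the raw input, so an alias (which is
// not a literal id) is never checked, and the resolved target is returned.
function sessionStatusVulnerable(requesterId, sessionId) {
  if (sessions.has(sessionId) && !isVisible(requesterId, sessionId)) {
    return { error: "not visible" };
  }
  const resolved = resolveSessionId(requesterId, sessionId);
  const s = sessions.get(resolved);
  return s ? { sessionId: resolved, status: s.status } : { error: "not found" };
}

// Fixed ordering: resolve the alias first, then apply the guard to the
// resolved id, so every path to a session goes through the same check.
function sessionStatusFixed(requesterId, sessionId) {
  const resolved = resolveSessionId(requesterId, sessionId);
  if (resolved === null || !isVisible(requesterId, resolved)) {
    return { error: "not visible" };
  }
  return { sessionId: resolved, status: sessions.get(resolved).status };
}
```

The fixed variant returns the same "not visible" result whether the caller passes a literal id or an alias that resolves to it, which is the property a regression test for this class of bug should assert.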

Exploit Details

  • Test Suite PoC: Proof of concept code included in the repository test suite demonstrating sandbox bypass.

Mitigation Strategies

  • Upgrade the openclaw npm package to a patched version (2026.3.26+).
  • Disable the session_status tool for sandboxed agents via configuration overrides.
  • Monitor agent execution traces for session_status calls utilizing alias formats.

Remediation Steps

  1. Identify all deployments of the OpenClaw framework in your environment.
  2. Check the installed version of the openclaw package using your package manager.
  3. Update the openclaw dependency to version 2026.3.26 in package.json.
  4. Execute npm install or equivalent command to apply the updated package.
  5. Restart the OpenClaw service to ensure the patched logic is loaded.

Read the full report for GHSA-Q2QC-744P-66R2 on our website for more details including interactive diagrams and full exploit analysis.