CVE-2026-35636

MEDIUM

OpenClaw 2026.3.11 < 2026.3.25 - Session Isolation Bypass via sessionId Resolution

Title source: cna

Description

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions.

References (3)

Core 3

Core References

Third Party Advisory third-party-advisory

GitHub Security Advisory (GHSA-q2qc-744p-66r2)

https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2

Patch patch

Patch Commit

https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de

View Patch ZIP pw:eip

Third Party Advisory third-party-advisory

VulnCheck Advisory: OpenClaw 2026.3.11 < 2026.3.25 - Session Isolation Bypass via sessionId Resolution

https://www.vulncheck.com/advisories/openclaw-session-isolation-bypass-via-sessionid-resolution

Scores

CVSS v3 6.5

EPSS 0.0026

EPSS Percentile 17.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-696

Status published

Products (4)

OpenClaw/OpenClaw 2026.3.11

openclaw/openclaw 2026.3.11 - 2026.3.25

OpenClaw/OpenClaw 2026.3.11 - 2026.3.25

OpenClaw/OpenClaw 2026.3.25

Published Apr 09, 2026

Tracked Since Apr 10, 2026