CVE-2026-35636

MEDIUM

OpenClaw 2026.3.11 < 2026.3.25 - Session Isolation Bypass via sessionId Resolution

Title source: cna

Description

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions.

References (3)

[Third Party Advisory] https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2

[Patch] https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de

View Patch ZIP pw:eip

[Third Party Advisory] https://www.vulncheck.com/advisories/openclaw-session-isolation-bypass-via-sessionid-resolution

Scores

CVSS v3 6.5

EPSS 0.0003

EPSS Percentile 10.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-696

Status published

Products (2)

OpenClaw/OpenClaw 2026.3.11

openclaw/openclaw 2026.3.11 - 2026.3.25

Published Apr 09, 2026

Tracked Since Apr 10, 2026