CVE-2026-35636

Severity: High (CVSS 4.0 base score 7.1) · EPSS 17.2%
Published Apr 9, 2026 · Last Modified Jun 17, 2026

Description

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions.

CVSS Details

Base Score
7.1
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability 17.2%
Percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-696: Incorrect Behavior Order

Affected Products 1

Vendor     Product    Version    Range
openclaw   openclaw   *          ≥ 2026.3.11, < 2026.3.25

References 3

  • github.com https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de
    Patch
  • github.com https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2
    Vendor Advisory
  • vulncheck.com https://www.vulncheck.com/advisories/openclaw-session-isolation-bypass-via-sessionid-resolution
    Third Party Advisory

Remediation

  • github.com https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de
    Patch