CVE-2026-35636.yaml
info:
  name: OpenClaw
  cve: CVE-2026-35636
  summary: OpenClaw session isolation bypass via sessionId resolution in session_status (versions 2026.3.11 - 2026.3.24)
  details: >-
    OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability
    where session_status resolves sessionId to canonical session keys before enforcing visibility
    checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that
    should be blocked by explicit sessionKey restrictions. The fix in commit d9810811 enforces
    visibility after sessionId resolution so sandboxed callers cannot escape their session tree.
    Fixed in version 2026.3.25.
  cvss: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  severity: MEDIUM
  security_advise: Upgrade to OpenClaw version 2026.3.25 or later. The fix is in commit d9810811b6c3c9266d7580f00574e5e02f7663de which enforces session visibility checks after sessionId resolution.
  references:
    - https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de
    - https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2
    - https://www.vulncheck.com/advisories/openclaw-session-isolation-bypass-via-sessionid-resolution
rule: version >= "2026.3.11" && version < "2026.3.25"
references:
  - https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de
  - https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2
  - https://www.vulncheck.com/advisories/openclaw-session-isolation-bypass-via-sessionid-resolution