UNKNOWNCVE-2026-32918
OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool
Platform
other
Component
openclaw
Fixed in
2026.3.11
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.
How to fix
Actualice OpenClaw a la versión 2026.3.11 o posterior. Esta versión corrige la vulnerabilidad de escape de sandbox de sesión en la herramienta session_status, impidiendo que los subagentes en sandbox accedan al estado de la sesión principal o de las sesiones hermanas.
Monitor your dependencies automatically
Get notified when new vulnerabilities affect your projects. Free forever.
Start free