Back to CVE List

CVE-2026-35636

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
6.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vulnerability Description

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-696
Source
NVD
Vendor
OpenClaw
Product
OpenClaw

External References

Discussion (0)

Add Comment

No comments yet. Be the first!