CVE-2026-35636

MEDIUM 6.5

OpenClaw 2026.3.11 < 2026.3.25 - Session Isolation Bypass via sessionId Resolution

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

8th

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions.

CWE	CWE-696
Vendor	openclaw
Product	openclaw
Published	Apr 9, 2026
Last Updated	Apr 13, 2026

Stay Ahead of the Next One

Get instant alerts for openclaw openclaw

Be the first to know when new medium vulnerabilities affecting openclaw openclaw are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

OpenClaw / OpenClaw

2026.3.11 < *

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2 github.com: https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de vulncheck.com: https://www.vulncheck.com/advisories/openclaw-session-isolation-bypass-via-sessionid-resolution

Credits

🔍 Nathan (@nexrin) KeenSecurityLab