OpenClaw Session Tool Visibility and Webhook Secret Configuration Vulnerability
Vulnerability
A vulnerability in OpenClaw, a personal AI assistant, prior to version 2026.2.15, allowed unintended, overly broad session targeting in shared-agent deployments. The issue primarily affects multi-user environments in which the users are not equally trusted. The session tools 'sessions_list', 'sessions_history', and 'sessions_send' could reach transcript content across peer sessions, exposing sensitive information. Additionally, in Telegram webhook mode, the application did not properly use per-account webhook secrets when only the account-level secret was set, potentially leading to missed configurations.
Impact
In shared-agent, multi-user, less-trusted environments, the vulnerability could result in unauthorized access to session transcripts across peer sessions. In single-agent or trusted environments, the practical impact is limited. Separately, in Telegram webhook mode, the issue could leave webhook secrets misconfigured unless an override is explicitly provided.
Reproduction
The vulnerability can be reproduced by deploying OpenClaw in a shared-agent environment with multiple users who are not equally trusted. Using the session tools 'sessions_list', 'sessions_history', or 'sessions_send' to access session transcripts exposes content from across peer sessions. Additionally, configuring the Telegram webhook with only the account-level secret shows that the per-account webhook secret is not applied unless an override is supplied manually.
Remediation
Users can update to OpenClaw version 2026.2.15 or later, which addresses the vulnerability by scoping session tool visibility to the current session and its subagents, and by properly managing Telegram webhook secrets.
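The visibility rule the fix describes, scoping each session tool to the current session and the subagents it spawned, is shown below as an added example. It is not OpenClaw's own code: the Session class, the parent field, the session ids and the transcript lines are all constructed for illustration.

```python
# Added example, not OpenClaw's code: enforce the post-2026.2.15 rule that a
# session tool may only see the calling session and its transitive subagents.
# The data model (Session, parent links) and all ids/transcripts are constructed.
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

@dataclass
class Session:
    session_id: str
    parent: Optional[str]                 # spawning session, None for a root
    transcript: List[str] = field(default_factory=list)

# Constructed shared-agent deployment: two unrelated users plus subagent trees.
SESSIONS: Dict[str, Session] = {
    "alice-main":  Session("alice-main", None, ["alice: plan my trip"]),
    "alice-sub-1": Session("alice-sub-1", "alice-main", ["subagent: booking flights"]),
    "alice-sub-2": Session("alice-sub-2", "alice-sub-1", ["subagent: comparing fares"]),
    "bob-main":    Session("bob-main", None, ["bob: rotate my API keys"]),
    "bob-sub-1":   Session("bob-sub-1", "bob-main", ["subagent: listing keys"]),
}

def visible_session_ids(sessions: Dict[str, Session], current_id: str) -> Set[str]:
    """Current session plus every session reachable through parent links from it."""
    visible = {current_id}
    changed = True
    while changed:                        # fixed point over the parent relation
        changed = False
        for sid, s in sessions.items():
            if s.parent in visible and sid not in visible:
                visible.add(sid)
                changed = True
    return visible

def sessions_list(sessions: Dict[str, Session], current_id: str) -> List[str]:
    # Pre-fix behaviour was effectively `sorted(sessions)`: every peer session.
    return sorted(visible_session_ids(sessions, current_id))

def sessions_history(sessions: Dict[str, Session], current_id: str, target_id: str) -> List[str]:
    if target_id not in visible_session_ids(sessions, current_id):
        raise PermissionError(f"{target_id} is not visible from {current_id}")
    return list(sessions[target_id].transcript)

def sessions_send(sessions: Dict[str, Session], current_id: str, target_id: str, text: str) -> bool:
    """Deliver a message only into a session the caller is allowed to target."""
    if target_id not in visible_session_ids(sessions, current_id):
        return False                      # refused, nothing written
    sessions[target_id].transcript.append(f"{current_id}: {text}")
    return True
```

A cycle or a dangling parent id cannot loop the fixed point, because membership in the visible set is checked before each addition.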