OpenClaw Session Sandbox Escape Vulnerability in session_status Tool

Vulnerability

A session sandbox escape vulnerability has been identified in OpenClaw versions prior to 2026.3.11. This vulnerability allows sandboxed subagents to access the session state of parent or sibling sessions through the session_status tool. By supplying arbitrary sessionKey values, attackers can read or modify session data outside their designated sandbox, including changes to persisted model overrides.

Impact

Exploitation of this vulnerability enables a sandboxed child session to access and manipulate data from parent or sibling sessions, with the potential to alter persisted model overrides in the targeted session.
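The following is an added illustration of the class of bug described above, not OpenClaw's code: a hypothetical session_status handler in its vulnerable form (the caller-supplied sessionKey is trusted as-is) next to a hardened form that resolves the caller's sandbox scope server-side and refuses any key outside it. All names (SESSIONS, SANDBOX_SCOPE, AUDIT, session_status_*) and the sample data are constructed for the example.

```python
# Added example, not OpenClaw's code. All names (SESSIONS, SANDBOX_SCOPE,
# AUDIT, session_status_*) are hypothetical; the store and scope table are constructed.

# Constructed session store: key -> persisted state, including the model override.
SESSIONS = {
    "parent":  {"status": "active", "model_override": "large-model"},
    "child-a": {"status": "active", "model_override": None},
    "child-b": {"status": "idle",   "model_override": None},
}

# Constructed sandbox scope: the set of session keys each sandboxed caller may touch.
SANDBOX_SCOPE = {"child-a": {"child-a"}, "child-b": {"child-b"}}

# Rejected requests are recorded here so the check is observable in logs (constructed).
AUDIT = []


class ScopeError(PermissionError):
    """Raised when a caller asks for a sessionKey outside its sandbox."""


def _apply(session_key, model_override):
    """Shared read/update step on the session store."""
    state = SESSIONS[session_key]
    if model_override is not None:
        state["model_override"] = model_override   # persisted override
    return dict(state)


def session_status_unscoped(caller, session_key, model_override=None):
    """Vulnerable pattern: the caller-supplied sessionKey is trusted as-is,
    so a sandboxed child can read or rewrite a parent or sibling session."""
    return _apply(session_key, model_override)


def session_status_scoped(caller, session_key=None, model_override=None):
    """Hardened pattern: resolve the caller's sandbox scope server-side and
    refuse any sessionKey outside it; an omitted key means the caller's own."""
    allowed = SANDBOX_SCOPE.get(caller)
    if allowed is None:
        raise ScopeError(f"unknown sandboxed caller {caller!r}")
    if session_key is None:
        session_key = caller
    if session_key not in allowed:
        AUDIT.append({"caller": caller, "denied_key": session_key})
        raise ScopeError(f"{caller!r} may not access session {session_key!r}")
    return _apply(session_key, model_override)
```

The denied-access records in AUDIT are the detection hook: a sandboxed caller naming any session other than its own is a signal worth alerting on.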

Remediation

Users can upgrade to OpenClaw version 2026.3.11 or later to address this vulnerability. The patch is included in version 2026.3.12.

Added: Mar 29, 2026, 1:27 PM
Updated: Mar 29, 2026, 1:27 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 2.7
remediation: 0.0
relevance: 4.8
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.