OpenClaw Authorization Bypass Vulnerability in HTTP Session History Route

Vulnerability

A vulnerability allowing authorization bypass has been identified in OpenClaw versions prior to 2026.3.25. The issue resides in the HTTP '/sessions/:sessionKey/history' route, where the 'operator.read' scope validation is skipped. This allows attackers to access session history without the necessary permissions by sending requests to the affected endpoint.

Impact

Exploitation of this vulnerability allows unauthorized access to session history, bypassing the required 'operator.read' permissions.

Reproduction

The vulnerability can be reproduced by sending an HTTP request to the '/sessions/:sessionKey/history' endpoint with a valid bearer token whose grant does not include the 'operator.read' scope. This can be done using a tool like Postman or curl: the request authenticates normally with the token, but lacks the authorization scope the route should require, and the history is still returned.

Remediation

Users can update to OpenClaw version 2026.3.25 or later to address this vulnerability.
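The following is an added illustration, not OpenClaw's own code: a minimal model of the route showing the pre-fix handler that authenticates but never checks the scope, the fixed handler that enforces 'operator.read', and a retroactive log check a defender can use to find past bypasses. Tokens, scopes, session data and log entries are constructed for the demo.

```javascript
// Constructed bearer tokens; the limited one is valid but lacks operator.read.
const TOKENS = {
  "tok-operator": { scopes: ["operator.read", "operator.write"] },
  "tok-limited":  { scopes: ["agent.run"] },
};
const HISTORY = { "sess-1": ["hello", "world"] }; // constructed session history

// Authentication only: resolve the bearer token from the Authorization header.
function authenticate(req) {
  const m = /^Bearer (\S+)$/.exec(req.headers.authorization || "");
  return m && TOKENS[m[1]] ? TOKENS[m[1]] : null;
}

// Authorization: the principal must carry the named scope.
function hasScope(principal, scope) {
  return principal.scopes.includes(scope);
}

// Pre-fix behaviour (hypothetical reconstruction of the bug): any authenticated
// token reads the history because the scope check is skipped.
function historyVulnerable(req, sessionKey) {
  const principal = authenticate(req);
  if (!principal) return { status: 401 };
  return { status: 200, body: HISTORY[sessionKey] ?? [] };
}

// Fixed behaviour: same route, but 'operator.read' is enforced on every request.
function historyFixed(req, sessionKey) {
  const principal = authenticate(req);
  if (!principal) return { status: 401 };
  if (!hasScope(principal, "operator.read")) return { status: 403 };
  return { status: 200, body: HISTORY[sessionKey] ?? [] };
}

// Retroactive check: flag history-route requests that succeeded for a token
// that never held 'operator.read' (entries are constructed access-log records).
function findBypasses(entries) {
  return entries.filter(e =>
    /^\/sessions\/[^/]+\/history$/.test(e.path) && e.status === 200 &&
    !(TOKENS[e.token] && hasScope(TOKENS[e.token], "operator.read")));
}

const limitedReq = { headers: { authorization: "Bearer tok-limited" } };
console.log(historyVulnerable(limitedReq, "sess-1").status); // 200: bypass
console.log(historyFixed(limitedReq, "sess-1").status);      // 403: denied
```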

Added: Apr 10, 2026, 6:15 PM
Updated: Apr 10, 2026, 6:15 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 0.6
exploitability: 6.3
remediation: 0.0
relevance: 5.6
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.