OpenClaw ControlScope Restriction Bypass Vulnerability in Send Action
Vulnerability
OpenClaw versions prior to 2026.3.22 do not properly enforce controlScope restrictions in the send action. Because send can be used to message child sessions without adequate scope validation, a leaf subagent can communicate with controlled child sessions beyond its authorized scope, bypassing the intended access controls.
Impact
Exploitation of this vulnerability allows for unauthorized messaging between subagents and their controlled child sessions, potentially leading to misuse of the communication channels and disruption of intended session management.
Reproduction
To reproduce, create a leaf subagent and have it send a message to a controlled child session: the send action delivers the message even though the subagent does not hold the authorization that controlScope is meant to require.
Remediation
Update to OpenClaw version 2026.3.22 or later, where this vulnerability is fixed.
