OpenClaw Session Context Bypass Vulnerability in Delivery Queue Recovery
Vulnerability
A vulnerability exists in OpenClaw versions 2026.4.10 prior to 2026.4.14, where the application fails to preserve session context when it recovers the delivery queue for media replay. Because of this oversight, queued outbound media recovered after a service restart can be replayed without the session context that group tool-policy enforcement depends on, bypassing that enforcement and undermining channel media restrictions.
Impact
Exploitation of this vulnerability leads to a loss of group tool-policy context for media replay: recovered queued outbound media is dispatched without the original session context needed to enforce media policies, thereby weakening channel restrictions.
Reproduction
To reproduce this vulnerability, first enqueue a media delivery with an associated session context that includes group tool-policy elements. After the media is queued, restart the OpenClaw service, which triggers the delivery queue recovery process. Once the service is back up, the queued media is replayed without its original session context, bypassing group tool-policy enforcement. This can be verified by checking the channel media restrictions, which will show a relaxation of the rules that were in place before the service restart.
Remediation
Users should upgrade to OpenClaw version 2026.4.14 or later, as this version includes the necessary fix. The latest npm release, 2026.4.14, already contains the update.
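The following is an added illustration of the bug class described in this advisory, not OpenClaw's own code: the queue layout, the policy table and every function name (persistWeak, persistHardened, replayWithoutContext, replayWithPolicy) are hypothetical. It contrasts a delivery queue that persists only the media item, so the session context is gone after a restart and replay has nothing to enforce a policy with, against one that persists the context alongside the item and re-evaluates the group tool policy at replay time, quarantining any entry that fails or arrives without context.

```javascript
// Added illustration of the advisory's bug class. NOT OpenClaw code: the
// queue format, policy table and function names are all hypothetical.

// Constructed sample policy: which media kinds each group may send.
const GROUP_TOOL_POLICY = {
  "group:finance": { allowedMedia: ["image"] },
  "group:public": { allowedMedia: ["image", "video", "file"] },
};

// Policy decision, evaluated at dispatch time. Fails closed: missing
// context, unknown group or disallowed media kind all mean "do not send".
function mediaAllowed(ctx, item) {
  if (!ctx || typeof ctx.groupId !== "string") return false;
  const rule = GROUP_TOOL_POLICY[ctx.groupId];
  if (!rule) return false;
  return rule.allowedMedia.includes(item.kind);
}

// Constructed queue: two outbound items from one session. The second one
// (a video in a group that only allows images) must never be dispatched.
function sampleQueue() {
  const ctx = { sessionId: "s-42", groupId: "group:finance", channel: "chat" };
  return [
    { item: { id: "m1", kind: "image", bytes: 1024 }, ctx },
    { item: { id: "m2", kind: "video", bytes: 8 * 1024 * 1024 }, ctx },
  ];
}

// Weak persistence: only the media item is written out; the session
// context lives in process memory and is lost on restart.
function persistWeak(queue) {
  return JSON.stringify(queue.map(({ item }) => ({ item })));
}

// Hardened persistence: the context the policy needs travels with the
// item, under a schema version so recovery can recognise old records.
function persistHardened(queue) {
  return JSON.stringify(queue.map(({ item, ctx }) => ({ v: 1, item, ctx })));
}

// Vulnerable replay pattern: recovered entries are sent as-is because no
// context survived to enforce a policy with.
function replayWithoutContext(serialised, dispatch) {
  const dispatched = [];
  for (const entry of JSON.parse(serialised)) {
    dispatch(entry.item, entry.ctx);
    dispatched.push(entry.item.id);
  }
  return { dispatched, quarantined: [] };
}

// Hardened replay: the policy is re-evaluated per entry with the recovered
// context; entries that fail (or carry no context) are quarantined for an
// operator to inspect instead of being sent with relaxed restrictions.
function replayWithPolicy(serialised, dispatch) {
  const result = { dispatched: [], quarantined: [] };
  for (const entry of JSON.parse(serialised)) {
    if (entry.v === 1 && mediaAllowed(entry.ctx, entry.item)) {
      dispatch(entry.item, entry.ctx);
      result.dispatched.push(entry.item.id);
    } else {
      result.quarantined.push(entry.item.id);
    }
  }
  return result;
}

// Simulated restart: serialise, discard in-memory state, replay from the
// persisted form. Returns the ids each pattern would actually have sent.
function simulateRestart() {
  const sent = { weak: [], hardened: [], weakDataHardenedReplay: [] };
  const weak = persistWeak(sampleQueue());
  replayWithoutContext(weak, (item) => sent.weak.push(item.id));
  const hardened = persistHardened(sampleQueue());
  replayWithPolicy(hardened, (item) => sent.hardened.push(item.id));
  // Old records without context hit the hardened replay: nothing is sent.
  replayWithPolicy(weak, (item) => sent.weakDataHardenedReplay.push(item.id));
  return sent;
}

console.log(JSON.stringify(simulateRestart()));
```

With the weak pattern both items, including the video the group policy forbids, are dispatched after the simulated restart; with the hardened pattern only the image is sent and the video is quarantined. Feeding pre-fix records (no context) into the hardened replay sends nothing, which is the fail-closed behaviour a recovery path should have: a lost context is an availability problem for an operator to resolve, not an implicit relaxation of channel media restrictions.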
