OpenClaw Security Envelope Constraint Bypass Vulnerability in ACP Child Sessions

Vulnerability

A security vulnerability has been identified in OpenClaw versions prior to 2026.4.22. The flaw allows a restricted subagent to spawn ACP child sessions that do not inherit the parent's security envelope constraints: depth and child-count limits, control scope, and target-agent restrictions. Exploitation could lead to unauthorized privilege escalation or access to restricted resources.

Impact

Exploitation of this vulnerability bypasses subagent-only constraints: child sessions can be spawned that do not adhere to the established depth, child-count, control scope, or target-agent restrictions. This could lead to unauthorized access to restricted resources or privileges.

Reproduction

To reproduce this vulnerability, use a restricted subagent to spawn an ACP child session. The child session will not inherit the required security envelope constraints (depth and child-count limits, control scope, target-agent restrictions). This can be verified by inspecting the session parameters after the child has been spawned: they show that the constraints which should have been inherited are absent.
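As an added illustration (not OpenClaw's code), the following constructed model shows the inheritance described above: a spawn path that refuses out-of-envelope requests and propagates the parent's envelope, and a post-spawn audit that flags a child session which escaped it. The class and function names are assumptions for illustration only.

```python
from dataclasses import dataclass, field
# Constructed model of ACP-style sessions with a security envelope; all names are assumptions, not OpenClaw's API.

@dataclass(frozen=True)
class Envelope:
    max_depth: int            # deepest session depth allowed below the root
    max_children: int         # children any one session may spawn
    control_scope: frozenset  # operations the session may perform
    target_agents: frozenset  # agents the session may address

@dataclass
class Session:
    agent: str
    depth: int
    envelope: "Envelope | None"   # None models the unpatched child session
    children: list = field(default_factory=list)

def check_spawn(parent, agent):
    # Envelope rules a spawn request would break (empty list means allowed).
    env = parent.envelope
    if env is None:
        return ["parent has no envelope"]
    rules = {
        "depth limit exceeded": parent.depth + 1 <= env.max_depth,
        "child-count limit exceeded": len(parent.children) < env.max_children,
        "target agent not permitted": agent in env.target_agents,
    }
    return [name for name, ok in rules.items() if not ok]

def spawn_child_enforced(parent, agent):
    # Fixed pattern: refuse out-of-envelope requests, then hand the child the
    # same immutable envelope so its own spawns stay bounded as well.
    problems = check_spawn(parent, agent)
    if problems:
        raise PermissionError("; ".join(problems))
    child = Session(agent, parent.depth + 1, parent.envelope)
    parent.children.append(child)
    return child

def envelope_violations(parent, child):
    # Post-spawn audit, as the reproduction section describes.
    p, c = parent.envelope, child.envelope
    if c is None:
        return ["child has no envelope"]
    rules = {
        "depth": child.depth <= p.max_depth and c.max_depth <= p.max_depth,
        "child-count": c.max_children <= p.max_children,
        "control scope": c.control_scope <= p.control_scope,
        "target agent": child.agent in p.target_agents and c.target_agents <= p.target_agents,
    }
    return [name for name, ok in rules.items() if not ok]
```

Running envelope_violations over every parent/child pair after spawning is the defender-side check: a child with no envelope, or one whose envelope is wider than its parent's, is exactly the condition the advisory describes.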

Remediation

Update to OpenClaw version 2026.4.22 or later, which fixes this vulnerability.

Added: May 11, 2026, 7:09 PM
Updated: May 11, 2026, 7:09 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 5.7
remediation: 0.0
relevance: 8.1
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.