OpenClaw Gateway Agent Session Reset Vulnerability
OpenClaw versions prior to 2026.3.23 expose an administrative session reset vulnerability via the Gateway agent RPC, allowing attackers with `operator.write` privileges to reset sessions that should require `operator.admin`.
OpenClaw versions before v2026.3.23 contain a vulnerability in the Gateway agent RPC that allows users with operator.write privileges to perform actions that should require operator.admin privileges. Specifically, the /reset and /new endpoints within the Gateway agent RPC in src/gateway/server-methods/agent.ts do not properly enforce the operator.admin check before calling performGatewaySessionReset(...). This oversight allows attackers with lower-level write access to reset administrative sessions. The vulnerability was reported by @smaeljaish771 and addressed in commit 50f6a2f136fed85b58548a38f7a3dbb98d2cd1a0, which is included in releases v2026.3.23 and later. Defenders should ensure they are running version v2026.3.23 or later.
Attack Chain
- An attacker gains
operator.writeprivileges to the OpenClaw Gateway. - The attacker crafts a malicious RPC request to the
/resetor/newendpoint of the Gateway agent. - The attacker includes a specific
sessionKeyin the RPC request, targeting an administrator's session. - The Gateway agent, due to the vulnerability, incorrectly processes the request without verifying
operator.adminprivileges. - The
performGatewaySessionReset(...)function is called, resetting the targeted administrator's session. - The administrator's session is terminated, potentially disrupting ongoing administrative tasks.
- If the attacker can predict or obtain valid session keys, this can be repeated.
Impact
Successful exploitation of this vulnerability allows an attacker with limited operator.write privileges to disrupt administrative operations by forcibly resetting administrator sessions. This can lead to denial of service for administrative functions, potentially impacting the overall stability and security of the OpenClaw environment. The exact number of affected installations is unknown, but all OpenClaw deployments running versions prior to v2026.3.23 are susceptible.
Recommendation
- Upgrade OpenClaw to version
v2026.3.23or later to patch the vulnerability. - Monitor OpenClaw Gateway logs for requests to
/resetand/newendpoints originating from accounts with onlyoperator.writeprivileges. Deploy the Sigma ruleDetect OpenClaw Unauthorized Session Resetto detect this activity. - Implement strict access control policies to minimize the number of accounts with
operator.writeprivileges. - Enable detailed logging for the OpenClaw Gateway to facilitate incident investigation and response.
Detection coverage 2
Detect OpenClaw Unauthorized Session Reset
highDetects unauthorized session reset attempts in OpenClaw by monitoring for requests to the /reset or /new endpoints from users with operator.write privileges.
Detect OpenClaw Gateway Agent Reset Endpoint Access
mediumDetects access to the OpenClaw Gateway Agent's /reset endpoint. This can be used to identify potential exploitation attempts.
Detection queries are available on the platform. Get full rules →