OpenClaw Session Sandbox Escape Vulnerability (CVE-2026-32918)
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool, allowing sandboxed subagents to access and modify session data outside their intended scope.
CVE-2026-32918 affects OpenClaw versions prior to 2026.3.11. The vulnerability resides in the session_status tool, which is intended to manage sandboxed subagents. However, a flaw allows these sandboxed agents to bypass their intended restrictions and access session data belonging to parent or sibling sessions. An attacker can exploit this by supplying arbitrary sessionKey values, enabling them to read and modify sensitive session data, including persisted model overrides, far beyond the…
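The defect class described above is a missing scope check: a tool acts on whatever sessionKey the caller hands it, so a sandboxed subagent can reach sessions it was never meant to see. The following is an added illustration of that pattern and its fix; it is not OpenClaw code, and the names (Session, SessionStore, session_status_unchecked, session_status_scoped, the parent-chain layout of session keys) are assumptions chosen for the example. It shows the unchecked lookup beside a version that confines a sandboxed caller to its own session subtree before reading or writing the persisted model override.

```python
"""Hypothetical scope check for a session-status style tool.

Added example, not OpenClaw's implementation. The session model and
function names are assumptions. It contrasts a tool that trusts the
supplied sessionKey as-is with one that first verifies the key lies
inside the caller's sandbox scope.
"""
from dataclasses import dataclass, field
from typing import Dict, Optional


class ScopeViolation(PermissionError):
    """Raised when a sandboxed caller names a session outside its scope."""


@dataclass
class Session:
    key: str
    parent: Optional[str]                 # parent session key, None for root
    sandboxed: bool                       # True for sandboxed subagents
    model_override: Optional[str] = None  # persisted model override, if any


@dataclass
class SessionStore:
    sessions: Dict[str, Session] = field(default_factory=dict)

    def add(self, session: Session) -> Session:
        self.sessions[session.key] = session
        return session

    def is_within_scope(self, caller_key: str, target_key: str) -> bool:
        """A caller may act on itself and on its own descendants only.

        Walk from the target up the parent chain; if the caller is reached,
        the target sits inside the caller's subtree. A parent or a sibling
        of the caller never passes this test.
        """
        current = self.sessions.get(target_key)
        while current is not None:
            if current.key == caller_key:
                return True
            current = self.sessions.get(current.parent) if current.parent else None
        return False


def session_status_unchecked(store: SessionStore, caller_key: str,
                             target_key: str, model: Optional[str] = None) -> dict:
    """Vulnerable pattern: the supplied sessionKey is used without any scope check."""
    target = store.sessions[target_key]
    if model is not None:
        target.model_override = model
    return {"key": target.key, "model_override": target.model_override}


def session_status_scoped(store: SessionStore, caller_key: str,
                          target_key: str, model: Optional[str] = None) -> dict:
    """Hardened pattern: sandboxed callers are confined to their own subtree."""
    caller = store.sessions[caller_key]
    if caller.sandboxed and not store.is_within_scope(caller_key, target_key):
        raise ScopeViolation(f"{caller_key} may not access session {target_key}")
    return session_status_unchecked(store, caller_key, target_key, model)


def build_demo_store() -> SessionStore:
    """Constructed sample tree: root -> child_a, child_b (both sandboxed); child_a -> grandchild."""
    store = SessionStore()
    store.add(Session("root", None, sandboxed=False, model_override="model-x"))
    store.add(Session("child_a", "root", sandboxed=True))
    store.add(Session("child_b", "root", sandboxed=True))
    store.add(Session("grandchild", "child_a", sandboxed=True))
    return store


def demo() -> dict:
    """Run the same cross-scope request against both variants and report the outcome."""
    unchecked = build_demo_store()
    session_status_unchecked(unchecked, "child_a", "root", model="other-model")

    scoped = build_demo_store()
    try:
        session_status_scoped(scoped, "child_a", "root", model="other-model")
        refused = False
    except ScopeViolation:
        refused = True

    return {
        "unchecked_modified_parent": unchecked.sessions["root"].model_override != "model-x",
        "scoped_refused": refused,
        "scoped_parent_override": scoped.sessions["root"].model_override,
    }


if __name__ == "__main__":
    print(demo())
```

The scope walk is deliberately simple: a sandboxed caller is allowed to reach itself and its descendants, and nothing else, so a request naming the parent or a sibling session is refused before any read or write of the persisted model override happens. The non-sandboxed root session is not restricted in this example; a real deployment would decide that policy explicitly rather than leaving it implicit.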
Detection coverage (2 rules)
- Detect OpenClaw Session Key Manipulation (high): Detects attempts to manipulate sessionKey values, potentially indicating an attempt to exploit CVE-2026-32918.
- Detect OpenClaw Persisted Model Overrides Modification (medium): Detects modification of persisted model overrides, potentially indicating an exploit of CVE-2026-32918.