Listen to this Post
The vulnerability arises from improper authorization scoping within the Gateway’s method handlers. Specifically, the `chat.send` method reuses command authorization logic intended for standard chat operations to handle the `/reset` command. In the architecture, a direct session reset is classified as an admin-only control-plane operation, restricted to administrative scope. However, the `operator.write` scope, which is assigned to standard gateway callers, grants write access to chat functionalities. Due to a flaw in the routing logic within `src/gateway/server-methods/chat.ts` and the session management in src/auto-reply/reply/session.ts, an attacker with `operator.write` privileges can invoke `chat.send` with the `/reset` payload. This action triggers the session rotation mechanism, archives the current transcript state, and generates a new session ID. This effectively bypasses the required admin scope, allowing a non-admin user to perform a disruptive session reset and potentially cause denial of service or session hijacking.
Platform: OpenClaw Gateway
Version: <= 2026.3.24
Vulnerability : Authorization Bypass
Severity: High
date: 2026-03-29
Prediction: 2026-03-28
Analytics under What Undercode Say:
Check for vulnerable version grep version package.json | grep 2026.3.2 Audit gateway method permissions jq '.methods[] | select(.name=="chat.send")' gateway_config.json Monitor session resets in logs grep "session.reset" /var/log/openclaw/gateway.log
Exploit:
// Crafted payload using operator.write scope
gateway.call('chat.send', {
target: 'victim_session_id',
message: '/reset'
});
// The server incorrectly processes the admin-only command.
Protection from this CVE
Upgrade to version 2026.3.28 or later which includes commit be00fcfccb. Implement strict scope validation in `chat.ts` to ensure that session reset commands are explicitly denied for non-admin scopes before reaching the session management handler.
Impact
An attacker with write-scoped gateway access can forcefully rotate user sessions, causing denial of service, loss of chat history, and potential session fixation or hijacking scenarios.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

