Listen to this Post
The vulnerability resides in the HTTP endpoint /sessions/:sessionKey/history. Prior to the fix, this route validated the bearer token but did not enforce the `operator.read` scope, which is required by the equivalent WebSocket `chat.history` method. An attacker possessing a valid token—even one lacking the necessary operator privileges—could retrieve session history logs. The flaw allows privilege escalation by bypassing scope-based access controls. The vulnerable code path exists in OpenClaw versions up to and including 2026.3.24. The issue was addressed by commit 1c45123231516fa50f8cf8522ba5ff2fb2ca7aea, which modifies HTTP handlers to explicitly declare and verify operator scopes, rejecting requests that lack operator.read. The fix was merged into `main` and is included in version 2026.3.25. Testing on tag `v2026.3.24` confirms the bypass, while the fixed version blocks unauthorized history reads.
Platform: OpenClaw
Version: <= 2026.3.24
Vulnerability: Operator scope bypass
Severity: Moderate
Date: 2026-03-26
Prediction: Already patched (2026-03-29)
What Undercode Say:
Check if token lacks operator.read but can access history curl -H "Authorization: Bearer $TOKEN" \ http://gateway/sessions/abc123/history Validate scope enforcement in fixed version git diff 1c45123231516fa50f8cf8522ba5ff2fb2ca7aea
Exploit:
Craft a bearer token with any valid session but without the `operator.read` scope. Send a GET request to /sessions/{sessionKey}/history; the vulnerable endpoint returns the full chat history, bypassing the intended read restriction.
Protection from this CVE:
Upgrade to OpenClaw version `2026.3.25` or later. If immediate upgrade is not possible, apply the patch from commit `1c45123231516fa50f8cf8522ba5ff2fb2ca7aea` to enforce operator scope checks on the HTTP history route.
Impact:
Unauthorized users with valid tokens can read session history, potentially exposing sensitive conversation data and violating operator privilege boundaries.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

