Listen to this Post
How the CVE Works
The vulnerability exists within the OpenClaw Gateway plugin subagent fallback mechanism, specifically in the `deleteSession` function. Prior to the fix, when this function was invoked without a valid request-scoped client (e.g., during internal fallback or cleanup operations), the application would automatically generate a synthetic runtime scope. This synthetic scope was incorrectly assigned the high-privilege `operator.admin` role.
This means that any unauthenticated or low-privileged request that triggered the fallback path could inadvertently execute the `sessions.delete` operation with administrative privileges. The core issue stems from the code defaulting to an elevated scope as a safety fallback, rather than properly binding the operation to the caller’s original, limited scope. Versions up to and including `2026.3.24` are vulnerable. The fix, implemented in commit b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7, corrects this by ensuring the deletion operation is bound to the caller’s scope, preventing the automatic minting of admin-level permissions.
dailycve form:
Platform: OpenClaw Gateway
Version: <= 2026.3.24
Vulnerability: Synthetic admin scope
Severity: High
date: Mar 29 2026
Prediction: Mar 26 2026
What Undercode Say:
Verify vulnerable version openclaw version | grep -E "2026.[0-3].(2[0-4]|24)" Test for synthetic admin scope by attempting session deletion without auth curl -X DELETE http://target/gateway/sessions/test-session \ -H "X-Fallback-Trigger: true"
Exploit:
1. Identify a target running OpenClaw `<=2026.3.24`.
- Trigger the Gateway plugin subagent fallback path (e.g., by omitting session context).
- Send a crafted request to `deleteSession` without valid credentials.
- Observe deletion of arbitrary sessions due to synthetic `operator.admin` scope.
Protection from this CVE
1. Upgrade to OpenClaw version `2026.3.25` or later.
2. Apply the patch from commit `b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7`.
- Implement strict request validation to prevent triggering fallback paths.
Impact
Unauthenticated or low-privileged attackers can delete any user session, leading to denial of service (forced logouts) and potential disruption of administrative workflows.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

