Listen to this Post
The vulnerability arises from the `session_status` API endpoint, which resolves a `sessionId` into a canonical session key before enforcing visibility restrictions. In affected versions (2026.3.11 through 2026.3.24), the visibility checks—designed to confine sandboxed callers to their own session tree—occurred before the session ID was resolved. A sandboxed child could supply a `sessionId` belonging to a parent or sibling session, and the early checks would pass because the raw ID hadn’t yet been mapped to a session key. After resolution, the resulting session key would refer to a session outside the caller’s allowed tree, yet no further checks were performed. This effectively allowed a low‑privileged sandboxed process to escape its session subtree, viewing or interacting with sibling and parent sessions that should have been inaccessible. The fix, introduced in commit d9810811b6c3c9266d7580f00574e5e02f7663de, moves visibility enforcement after the sessionId‑to‑key resolution, ensuring that the final session key is validated against the caller’s allowed scope before any data is returned.
Platform: OpenClaw
Version: 2026.3.11–2026.3.24
Vulnerability : session_status bypass
Severity: High
date: Mar 26 2026
Prediction: Mar 29 2026
What Undercode Say:
Check running sandboxed process session tree openclaw session_status --sessionId child_session_123 --verbose Pre‑fix exploit attempt (visible parent/sibling data) curl -X GET "http://localhost:8080/api/session_status?sessionId=parent_session_456" \ -H "Authorization: Bearer <sandboxed_token>" After fix, the same request returns 403 Forbidden curl -X GET "http://localhost:8080/api/session_status?sessionId=parent_session_456" \ -H "Authorization: Bearer <sandboxed_token>"
Exploit:
Sandboxed child calls `session_status` with a parent sessionId, bypassing early visibility checks; after resolution, the parent session key is used without further validation, granting unauthorized access.
Protection:
Upgrade to OpenClaw version `2026.3.25` or apply commit `d9810811b6c3c9266d7580f00574e5e02f7663de` which enforces visibility checks after session ID resolution.
Impact:
Unauthorized session data exposure, cross‑session information leakage, and potential privilege escalation within the session‑tree isolation model.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

