CVE-2026-32918 in OpenClaw
Resumen (Inglés)
OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.
Responsable
VulnCheck
Reservar
2026-03-16
Divulgación
2026-03-29
Voces
| Fecha de publicación | Base | Temp | Vulnerabilidad | CWE | Prod | Exp | Con | EPSS | CTI | CVE |
|---|---|---|---|---|---|---|---|---|---|---|
| 2026-03-29 | 6.8 | 6.7 | OpenClaw session_status escalada de privilegios | 863 | Artificial Intelligence Software | No está definido | Arreglo oficial | 0.00000 | 4.48 | CVE-2026-32918 |