GHSA-hh43-q692-2xmq

Source
https://github.com/advisories/GHSA-hh43-q692-2xmq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-hh43-q692-2xmq/GHSA-hh43-q692-2xmq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-hh43-q692-2xmq
Withdrawn
2026-04-01T00:06:14Z
Published
2026-03-29T15:30:19Z
Modified
2026-04-01T00:26:27.687220Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
  • 9.2 (Critical) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Summary
Duplicate Advisory: `OpenClaw: session_status` let sandboxed subagents access parent or sibling session state
Details

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-wcxr-59v9-rxr8. This link is maintained to preserve external references.

Original Description

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.

Database specific
{
    "cwe_ids": [
        "CWE-863"
    ],
    "github_reviewed_at": "2026-04-01T00:06:14Z",
    "nvd_published_at": "2026-03-29T13:17:00Z",
    "severity": "CRITICAL",
    "github_reviewed": true
}
References

Affected packages

npm / openclaw

  • Package: openclaw (npm)
  • Affected ranges (type: SEMVER)
      • Introduced: 0 (unknown introduced version; all previous versions are affected)
      • Last affected: 2026.3.8

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/03/GHSA-hh43-q692-2xmq/GHSA-hh43-q692-2xmq.json"