PT-2026-20967 · Openclaw · Openclaw
Aether-Ai-Agent · Published 2026-02-18 · Updated 2026-02-20

CVE-2026-27004
CVSS v4.0: 6.9 (Medium)
Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.2.15

Description: OpenClaw is a personal AI assistant. In shared-agent deployments, prior to version 2026.2.15, the session tools (sessions list, sessions history, sessions send) permitted broader session targeting than some operators intended. This is a configuration and visibility-scoping issue in multi-user environments where peers are not equally trusted; it can expose transcript content across peer sessions. Separately, in Telegram webhook mode, monitor startup did not fall back to the per-account webhookSecret when only the account-level secret was configured.

Recommendations: Update OpenClaw to version 2026.2.15 or later.

Weakness Enumeration

Origin Validation Error
Generation of Error Message Containing Sensitive Information

Related Identifiers

CVE-2026-27004
GHSA-6HF3-MHGC-CM65

Affected Products

Openclaw