PT-2026-22353 · Npm · Openclaw
Published
2026-02-17
·
Updated
2026-02-17
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N |
Summary
The issue is not deterministic session keys by itself. The exploitable path was accepting externally supplied
sessionKey values on authenticated hook ingress, allowing a hook token holder to route messages into chosen sessions.Affected Behavior
POST /hooks/agentaccepted payloadsessionKeyand used it directly for session routing.- Common session-key shapes (for example
agent:main:dm:<peerId>) were often derivable from known metadata, making targeted routing practical when request-level override was enabled.
Attack Preconditions
- Attacker can call hook endpoints with a valid hook token.
- Hook ingress allows request-selected
sessionKeyvalues. - Target session keys can be derived or guessed.
Without those preconditions, deterministic key formats alone do not provide access.
Impact
- Integrity: targeted message/prompt injection into chosen sessions.
- Persistence: poisoned context can affect subsequent turns when the same session key is reused.
- Confidentiality impact is secondary and depends on additional weaknesses.
Affected Versions
openclaw>= 2.0.0-beta3and< 2026.2.12
Patched Versions
openclaw>= 2026.2.12
Fix
OpenClaw now uses secure defaults for hook session routing:
POST /hooks/agentrejects payloadsessionKeyunlesshooks.allowRequestSessionKey=true.- Added
hooks.defaultSessionKeyfor fixed ingress routing. - Added
hooks.allowedSessionKeyPrefixesto constrain explicit routing keys. - Security audit warns on unsafe hook session-routing settings.
Recommended Configuration
json
{
"hooks": {
"enabled": true,
"token": "${OPENCLAW HOOKS TOKEN}",
"defaultSessionKey": "hook:ingress",
"allowRequestSessionKey": false,
"allowedSessionKeyPrefixes": ["hook:"]
}
}Credit
Thanks @alpernae for responsible reporting.
Fix
Use of Insufficiently Random Values
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openclaw