The built-in session status tool did not enforce the intended session-visibility boundary. A sandboxed subagent could supply another session's sessionKey and inspect or modify state outside its own sandbox scope.

This allowed a sandboxed child session to read parent or sibling session data and, in affected releases, update the target session's persisted model override.

openclaw <= 2026.3.8

Fixed in openclaw 2026.3.11 and included in later releases such as 2026.3.12. Session visibility checks now enforce the sandbox boundary before reading or mutating session state.