PT-2026-28448 · Openclaw · Openclaw

Tdjackey · Published 2026-03-29 · Updated 2026-03-29 · CVE-2026-32918

CVSS v3.1: 8.4 High (AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N)

Name of the Vulnerable Software and Affected Versions

OpenClaw versions prior to 2026.3.11

Description

The software contains a session sandbox escape issue within the session status tool. This allows sandboxed subagents to access session state belonging to parent or sibling sessions. An attacker can provide arbitrary sessionKey values to read or modify session data outside of their designated sandbox, potentially including persisted model overrides.

Recommendations

Update to version 2026.3.11 or later.
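
The class of check the description says is missing, as an added TypeScript example; it is not OpenClaw's code or its actual fix. All names (SessionRecord, getSession, sessionStatusUnchecked, mayAccess, sessionStatus) are hypothetical, the session tree is constructed sample data, and the policy that a sandboxed session may address only its own key is an assumption.

```typescript
// Added illustration: every name below is hypothetical, not OpenClaw's API.
type SessionRecord = {
  key: string;
  parent: string | null;  // session that spawned this one
  sandboxed: boolean;     // true for sandboxed subagents
  modelOverride?: string; // persisted state named in the advisory
};

// Constructed sample tree: one parent session with two sandboxed subagents.
const sessions: Record<string, SessionRecord> = {
  "main": { key: "main", parent: null, sandboxed: false, modelOverride: "model-a" },
  "sub-1": { key: "sub-1", parent: "main", sandboxed: true },
  "sub-2": { key: "sub-2", parent: "main", sandboxed: true },
};

function getSession(key: string): SessionRecord | undefined {
  return Object.prototype.hasOwnProperty.call(sessions, key) ? sessions[key] : undefined;
}

// Flawed pattern: the caller-supplied sessionKey is used without a scope check.
function sessionStatusUnchecked(_callerKey: string, sessionKey: string): SessionRecord | undefined {
  return getSession(sessionKey);
}

// Assumed policy: a sandboxed caller may address only its own session;
// a non-sandboxed caller may address itself and sessions descended from it.
function mayAccess(callerKey: string, targetKey: string): boolean {
  const caller = getSession(callerKey);
  const target = getSession(targetKey);
  if (!caller || !target) return false;
  if (callerKey === targetKey) return true;
  if (caller.sandboxed) return false;
  let parent: string | null = target.parent;
  while (parent !== null) {
    if (parent === callerKey) return true;
    const next = getSession(parent);
    parent = next ? next.parent : null;
  }
  return false;
}
// Checked handler: authorize before any read or write of session state.
function sessionStatus(callerKey: string, sessionKey: string, setModel?: string): SessionRecord {
  const target = getSession(sessionKey);
  if (!target || !mayAccess(callerKey, sessionKey)) {
    throw new Error("session " + callerKey + " may not access " + sessionKey);
  }
  if (setModel !== undefined) target.modelOverride = setModel;
  return target;
}
```

In this example callerKey stands for the identity the runtime assigns to the calling session; it must never be taken from the tool arguments, which is where sessionKey comes from.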

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2026-32918

Affected Products

Openclaw