CVE-2026-32919

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.11

Description The software contains an authorization bypass issue. Attackers possessing write-scoped access can execute admin-only session reset logic. Specifically, individuals with operator.write scope can send agent requests, including '/new' or '/reset' commands, to alter conversation state without the necessary operator.admin privileges.

Recommendations Update to version 2026.3.11 or later.