PT-2026-30550 · Npm · Openclaw

Published

2026-03-26

·

Updated

2026-03-26

CVSS v3.1

4.3

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Summary

Leaf subagents could still use the send action to message controlled child sessions even when their controlScope was narrower than children.

Affected Packages / Versions

  • Package: openclaw (npm)
  • Affected: < 2026.3.22
  • Fixed: >= 2026.3.22
  • Latest released tag checked: v2026.3.23-2 (630f1479c44f78484dfa21bb407cbe6f171dac87)
  • Latest published npm version checked: 2026.3.23-2

Fix Commit(s)

  • 7679eb375294941b02214c234aff3948796969d0

Release Status

The fix shipped in v2026.3.22 and remains present in v2026.3.23 and v2026.3.23-2.

Code-Level Confirmation

  • src/auto-reply/reply/commands-subagents/action-send.ts now threads controller context through the send path.
  • src/agents/subagent-control.ts now blocks send attempts unless the requester owns the target and has controlScope="children".
OpenClaw thanks @space08 for reporting.

Fix

Missing Authorization

Improper Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-285

Related Identifiers

GHSA-X2CM-HG9C-MF5W

Affected Products

Openclaw