PT-2026-34781 · Openclaw · Openclaw

Tdjackey

Published

2026-04-23

Updated

2026-04-25

CVE-2026-41350

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.3.31

Description A session visibility bypass exists where the session status() function fails to enforce configured tools.sessions.visibility restrictions during unsandboxed invocations. This allows attackers to invoke session status() without sandbox constraints, bypassing session-policy controls to access restricted session information.

Recommendations Update to version 2026.3.31 or later. As a temporary workaround, restrict access to the session status() function to minimize the risk of exploitation.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2026-41350

Affected Products

Openclaw

PT-2026-34781 · Openclaw · Openclaw

CVE-2026-41350

Weakness Enumeration

Related Identifiers

Affected Products

References · 5