PT-2026-35559 · Openclaw · Openclaw

Peng Zhou · Published 2026-04-27 · Updated 2026-06-05 · CVE-2026-41371

CVSS v3.1: 8.5 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions: OpenClaw versions prior to 2026.3.28

Description: Improper authorization checks in the 'chat.send' path allow write-scoped gateway callers to perform admin-only session reset operations. This enables attackers to rotate target sessions, archive previous transcript states, and force the generation of new session IDs without possessing the required admin scope.

Recommendations: Update to version 2026.3.28 or later. As a temporary workaround, restrict access to the 'chat.send' function to minimize the risk of unauthorized session resets.

Tags: Fix · LPE · RCE · Incorrect Authorization


Weakness Enumeration

Related Identifiers

CVE-2026-41371

Affected Products

Openclaw