Description

OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in chat.send that allows write-scoped gateway callers to trigger admin-only session reset operations. Attackers can rotate target sessions, archive prior transcript state, and force new session IDs without requiring admin scope by exploiting improper authorization checks in the chat.send path.
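To illustrate the CWE-863 pattern the description refers to, here is a constructed model of a gateway dispatcher, written as an added example and not taken from OpenClaw's code base: a caller holding only the write scope sends a chat.send request that carries a reset directive (modelled here as a `reset` flag, an assumption; the advisory does not state its exact form), and the flawed handler performs the admin-only session reset after checking only the method-level write scope, while the hardened handler authorizes the reset sub-operation separately. All function and field names are hypothetical.

```javascript
// Constructed model of a gateway dispatcher, not OpenClaw's code.
// Scopes: "write" may send chat messages; "admin" may reset sessions.
const sessions = new Map(); // sessionKey -> { seq, id, transcript, archived }

function getSession(key) {
  if (!sessions.has(key)) {
    sessions.set(key, { seq: 1, id: `${key}-1`, transcript: [], archived: [] });
  }
  return sessions.get(key);
}

// Admin-only operation: archive the prior transcript and rotate the session id.
function resetSession(key) {
  const s = getSession(key);
  s.archived.push(s.transcript);
  s.transcript = [];
  s.seq += 1;
  s.id = `${key}-${s.seq}`;
  return s.id;
}

function requireScope(caller, scope) {
  if (!caller.scopes.includes(scope)) {
    throw new Error(`forbidden: ${scope} scope required`);
  }
}

// Flawed handler: only the method-level "write" scope is checked, so a reset
// directive carried inside the request reaches resetSession unchecked.
function chatSendVulnerable(caller, req) {
  requireScope(caller, "write");
  if (req.reset) resetSession(req.sessionKey);
  const s = getSession(req.sessionKey);
  s.transcript.push(req.message);
  return { sessionId: s.id, reset: Boolean(req.reset) };
}

// Hardened handler: the privileged sub-operation carries its own check, so the
// reset is authorized against the caller's scopes, not just the method name.
function chatSendFixed(caller, req) {
  requireScope(caller, "write");
  if (req.reset) {
    requireScope(caller, "admin");
    resetSession(req.sessionKey);
  }
  const s = getSession(req.sessionKey);
  s.transcript.push(req.message);
  return { sessionId: s.id, reset: Boolean(req.reset) };
}
```

A detection-side takeaway from the model: a session id that rotates on a chat.send request from a caller without admin scope is the observable symptom to alert on.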

Status: Published | Reserved 2026-04-20 | Published 2026-04-27 | Updated 2026-04-28 | Assigner: VulnCheck

Severity

HIGH: 8.4 (CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:H/SA:L)

HIGH: 8.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:L)

Problem types

CWE-863: Incorrect Authorization

Product status

Default status: unaffected

Any version before 2026.3.28: affected

2026.3.28 (semver): unaffected

Credits

Peng Zhou (@zpbrent) reporter

References

github.com/...enclaw/security/advisories/GHSA-5r8f-96gm-5j6g (GitHub Security Advisory (GHSA-5r8f-96gm-5j6g)) vendor-advisory

www.vulncheck.com/...-escalation-via-chat-send-reset-command (VulnCheck Advisory: OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command) third-party-advisory

cve.org (CVE-2026-41371)

nvd.nist.gov (CVE-2026-41371)