CVE-2026-41350 - OpenClaw < 2026.3.31 - Session Visibility Bypass via session_status in Unsandboxed Invocations
CVE ID :CVE-2026-41350
Published : April 23, 2026, 10:16 p.m. | 1 hour, 56 minutes ago
Description :OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_status function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invocations. Attackers can invoke session_status without sandbox constraints to bypass session-policy controls and access restricted session information.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
Published : April 23, 2026, 10:16 p.m. | 1 hour, 56 minutes ago
Description :OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_status function fails to enforce configured tools.sessions.visibility restrictions for unsandboxed invocations. Attackers can invoke session_status without sandbox constraints to bypass session-policy controls and access restricted session information.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...