CVE-2026-32918 — HIGH (8.4)

Q: How severe is CVE-2026-32918?

CVE-2026-32918 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-32918?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.

Vulnerability Description

OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arbitrary sessionKey values to read or modify session data outside their sandbox scope, including persisted model overrides.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Openclaw	Openclaw	< 2026.3.11

Related Weaknesses (CWE)

CWE-863

References

https://github.com/openclaw/openclaw/security/advisories/GHSA-wcxr-59v9-rxr8Vendor Advisory
https://www.vulncheck.com/advisories/openclaw-session-sandbox-escape-via-sessionThird Party Advisory

FAQ

What is CVE-2026-32918?

CVE-2026-32918 is a vulnerability with a CVSS score of 8.4 (HIGH). OpenClaw before 2026.3.11 contains a session sandbox escape vulnerability in the session_status tool that allows sandboxed subagents to access parent or sibling session state. Attackers can supply arb...

How severe is CVE-2026-32918?

CVE-2026-32918 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-32918?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.