CVE-2026-35657 Overview
CVE-2026-35657 is an authorization bypass vulnerability discovered in OpenClaw, a Node.js application. The vulnerability exists in the HTTP /sessions/:sessionKey/history route, which fails to properly validate the operator.read scope before processing requests. This flaw allows attackers with low privileges to access session history data without the required operator read permissions, potentially exposing sensitive session information.
Critical Impact
Attackers can bypass authorization controls to access session history without proper operator.read permissions, leading to unauthorized information disclosure.
Affected Products
- OpenClaw versions prior to 2026.3.25
- OpenClaw Node.js package (cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*)
Discovery Timeline
- 2026-04-10 - CVE-2026-35657 published to NVD
- 2026-04-13 - Last updated in NVD database
Technical Details for CVE-2026-35657
Vulnerability Analysis
This vulnerability is classified as CWE-863 (Incorrect Authorization), indicating a failure in the application's access control logic. The /sessions/:sessionKey/history endpoint in OpenClaw does not properly enforce the operator.read scope validation before returning session history data to the requesting user.
When a request is made to retrieve session history, the application should verify that the requesting user has the appropriate operator.read scope assigned to their credentials. However, the vulnerable code path skips this authorization check entirely, allowing any authenticated user with low privileges to access session history data that should be restricted to operators with explicit read permissions.
The network-accessible nature of this vulnerability means that any user who can reach the OpenClaw HTTP API can potentially exploit this flaw. While the attacker needs to be authenticated (low privilege required), they do not need any user interaction to carry out the attack. The primary impact is to confidentiality, as attackers gain unauthorized read access to session history data.
Root Cause
The root cause of this vulnerability lies in missing scope validation logic within the session history route handler. The endpoint handler for /sessions/:sessionKey/history fails to invoke the authorization middleware that checks for the operator.read scope. This creates a gap in the access control enforcement, allowing requests to proceed without proper permission verification.
Attack Vector
The attack is performed over the network by sending HTTP requests to the vulnerable endpoint. An attacker needs only low-level authentication credentials to exploit this vulnerability. The attack flow is as follows:
- The attacker authenticates to the OpenClaw application with any valid credentials
- The attacker sends an HTTP GET request to /sessions/:sessionKey/history with a target session key
- The server processes the request without validating the operator.read scope
- Session history data is returned to the attacker, bypassing the intended authorization controls
For technical implementation details, refer to the GitHub Security Advisory and the VulnCheck Advisory Report.
Detection Methods for CVE-2026-35657
Indicators of Compromise
- Unusual volume of requests to /sessions/:sessionKey/history endpoints from users without operator roles
- Access logs showing session history queries from accounts that lack operator.read permissions
- Pattern of session key enumeration attempts targeting the history endpoint
Detection Strategies
- Implement logging on the /sessions/:sessionKey/history endpoint to capture requester identity and scope claims
- Deploy web application firewall (WAF) rules to monitor and alert on anomalous session history access patterns
- Correlate authentication logs with session history access to identify privilege boundary violations
Monitoring Recommendations
- Enable detailed access logging for all session-related API endpoints
- Set up alerts for repeated access attempts to session history from non-operator accounts
- Monitor for bulk enumeration patterns that may indicate reconnaissance activity
How to Mitigate CVE-2026-35657
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.25 or later immediately
- Review access logs for any unauthorized access to session history endpoints
- Audit user permissions to ensure proper scope assignments are in place
Patch Information
OpenClaw has released a security patch in version 2026.3.25 that properly enforces operator.read scope validation on the session history endpoint. The fix is available in commit 1c45123231516fa50f8cf8522ba5ff2fb2ca7aea.
Organizations should update their OpenClaw installations to the patched version as soon as possible. Additional information about the vulnerability and remediation is available in the GitHub Security Advisory.
Workarounds
- Implement network-level access controls to restrict access to the /sessions/:sessionKey/history endpoint to trusted sources only
- Deploy a reverse proxy or API gateway to enforce additional authorization checks before requests reach the OpenClaw application
- Temporarily disable the session history endpoint if it is not critical to operations until the patch can be applied
# Example: Using nginx to restrict access to vulnerable endpoint
location /sessions/ {
# Restrict to internal network only until patch is applied
allow 10.0.0.0/8;
allow 192.168.0.0/16;
deny all;
proxy_pass http://openclaw_backend;
}
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
