CVE-2026-35660 Overview
CVE-2026-35660 is an insufficient access control vulnerability in OpenClaw's Gateway agent affecting versions prior to 2026.3.23. The flaw lies in the handling of the /reset command, which does not adequately check the caller's permissions before performing a session reset. An attacker holding only operator.write privileges can reset arbitrary admin sessions by sending a /reset or /new message with an explicit sessionKey, bypassing the operator.admin permission that cross-session operations were intended to require.
This is a missing-authorization flaw (CWE-862). A lower-privileged operator can disrupt administrators' sessions, producing a denial of service against those administrators, or clear an administrator's session state at a moment chosen to benefit a larger attack.
Critical Impact
Attackers with operator.write privileges can bypass authorization controls to reset arbitrary admin sessions, disrupting administrative operations and undermining the isolation between operator sessions on the OpenClaw Gateway agent.
Affected Products
- OpenClaw versions prior to 2026.3.23
- OpenClaw Gateway agent for Node.js
- OpenClaw deployments with multi-user operator configurations
Discovery Timeline
- April 10, 2026 - CVE-2026-35660 published to NVD
- April 13, 2026 - Last updated in NVD database
Technical Details for CVE-2026-35660
Vulnerability Analysis
The vulnerability stems from insufficient authorization checks within the OpenClaw Gateway agent's session management functionality. The /reset endpoint, designed to allow session management operations, fails to properly validate that the caller possesses the required operator.admin permission before processing session reset requests.
Instead of enforcing the appropriate permission boundary, the handler only verifies that the caller holds operator.write. This gives operators with limited write access a path to an administrative session operation that should be restricted to operator.admin.
The attack is network-accessible and has low attack complexity: an authenticated attacker only needs to send a /reset or /new message carrying an explicit sessionKey that names the administrative session to be reset.
Root Cause
The root cause is a missing authorization check (CWE-862) in the Gateway agent's endpoint handlers. The code responsible for processing /reset and /new message operations does not properly verify that the calling entity has the operator.admin permission level. Instead, it only checks for operator.write, which is a lower privilege level intended for routine operational tasks rather than administrative session management.
This represents a broken access control pattern where the permission hierarchy is not properly enforced at the API boundary, allowing users with insufficient privileges to execute sensitive operations that impact other users' sessions.
Attack Vector
The attack vector is network-based and requires authentication with at least operator.write privileges. An attacker exploiting this vulnerability would:
- Authenticate to the OpenClaw Gateway agent with operator.write credentials
- Identify or enumerate the sessionKey of a target administrative session (the attack needs a valid key for the session it aims at)
- Send a crafted request to the /reset or /new endpoint
- Include an explicit sessionKey parameter targeting an admin session
- The endpoint processes the request without verifying operator.admin permission
- The targeted administrative session is reset, disrupting the admin user
The vulnerability allows targeted denial of service against specific administrators, and an attacker could time the reset so that an administrator's session is cleared while another attack is in progress. For detailed technical information, refer to the GitHub Security Advisory.
Detection Methods for CVE-2026-35660
Indicators of Compromise
- Unusual patterns of /reset or /new endpoint calls from non-admin operator accounts
- Session reset events occurring for administrative users without corresponding admin-initiated actions
- Repeated session terminations affecting the same admin accounts
- API logs showing sessionKey parameters in requests from operators lacking operator.admin permissions
Detection Strategies
- Monitor Gateway agent logs for /reset and /new endpoint requests that include explicit sessionKey parameters from users without admin privileges
- Implement alerting on session reset events where the initiating user's permission level is operator.write but not operator.admin
- Review authentication and authorization logs for patterns indicating privilege abuse attempts
- Deploy API monitoring to track unusual session management activity patterns
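To make the first two detection strategies concrete, here is an added example (not OpenClaw's own logging format or detection logic) that runs over constructed sample log lines. It assumes a line format in which each session-control message is recorded with the operator, the operator's own session, the command and any explicit sessionKey, and it joins those lines against a constructed operator-to-scope table, since the log itself may not state the caller's permission level. A line is flagged when a /reset or /new carries an explicit sessionKey different from the caller's own session and the operator does not hold operator.admin; an operator absent from the table is treated as non-admin.

```javascript
// Added example, not OpenClaw's own logging or detection code. The log line
// format, field names and the operator-to-scope table are constructed assumptions.

// Assumed format:
//   <ts> gateway chat.send operator=<id> session=<own> cmd=<cmd> [sessionKey=<target>]
const LINE_RE =
  /^(?<ts>\S+) gateway chat\.send operator=(?<operator>\S+) session=(?<session>\S+) cmd=(?<cmd>\S+)(?: sessionKey=(?<target>\S+))?$/;

function parseLine(line) {
  const m = LINE_RE.exec(line.trim());
  if (!m) return null; // unrelated or malformed line
  return { ...m.groups, target: m.groups.target ?? null };
}

// Flags /reset or /new messages that name another session while the sending
// operator lacks operator.admin (unknown operators are treated as non-admin).
function findCrossSessionResets(lines, scopesByOperator) {
  const findings = [];
  for (const line of lines) {
    const ev = parseLine(line);
    if (!ev) continue;
    if (ev.cmd !== "/reset" && ev.cmd !== "/new") continue;
    if (ev.target === null || ev.target === ev.session) continue; // own session: expected use
    const scopes = scopesByOperator[ev.operator] ?? [];
    if (scopes.includes("operator.admin")) continue; // legitimate admin action
    findings.push({ ts: ev.ts, operator: ev.operator, cmd: ev.cmd, target: ev.target });
  }
  return findings;
}

// Counts findings per targeted session, to surface repeated resets of the same admin.
function summarizeByTarget(findings) {
  const counts = {};
  for (const f of findings) counts[f.target] = (counts[f.target] ?? 0) + 1;
  return counts;
}

// Constructed sample data (not real OpenClaw output).
const SAMPLE_SCOPES = {
  "op-1": ["operator.read", "operator.write", "operator.admin"],
  "op-42": ["operator.read", "operator.write"],
};

const SAMPLE_LOG = [
  "2026-04-11T09:12:03Z gateway chat.send operator=op-42 session=sess-42 cmd=/reset",
  "2026-04-11T09:12:10Z gateway chat.send operator=op-42 session=sess-42 cmd=/reset sessionKey=sess-admin",
  "2026-04-11T09:12:11Z gateway chat.send operator=op-42 session=sess-42 cmd=/new sessionKey=sess-admin",
  "2026-04-11T09:13:00Z gateway chat.send operator=op-1 session=sess-admin cmd=/reset sessionKey=sess-42",
  "2026-04-11T09:13:05Z gateway chat.send operator=op-42 session=sess-42 cmd=hello sessionKey=sess-admin",
  "garbage line that does not match the expected format",
];

function runSample() {
  const findings = findCrossSessionResets(SAMPLE_LOG, SAMPLE_SCOPES);
  return { findings, byTarget: summarizeByTarget(findings) };
}

module.exports = { parseLine, findCrossSessionResets, summarizeByTarget, runSample, SAMPLE_LOG, SAMPLE_SCOPES };
```

Running `runSample()` on the constructed log returns two findings, both from op-42 against sess-admin; the administrator's own cross-session reset (op-1) and op-42's bare /reset of its own session are not flagged. In a real deployment the join against operator scopes should use the permission store that the Gateway agent itself consults, so that the alert reflects what the caller actually held at the time of the request.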
Monitoring Recommendations
- Enable detailed audit logging for all Gateway agent endpoint interactions
- Configure alerts for session reset operations targeting administrative accounts
- Implement rate limiting and anomaly detection on session management endpoints
- Regularly review operator permission assignments and access patterns
How to Mitigate CVE-2026-35660
Immediate Actions Required
- Upgrade OpenClaw to version 2026.3.23 or later immediately
- Review Gateway agent logs for evidence of exploitation attempts
- Audit all operator accounts and their assigned permission levels
- Consider temporarily restricting operator.write permissions until patching is complete
Patch Information
OpenClaw has released patches to address this vulnerability. The fixes are available through the following commits:
Organizations should upgrade to OpenClaw version 2026.3.23 or later, which includes proper authorization checks for the /reset and /new endpoints. Additional details are available in the GitHub Security Advisory and the VulnCheck Advisory.
Workarounds
- Implement network segmentation to limit which hosts can reach the Gateway agent; this reduces exposure but does not stop an operator.write account inside the permitted network from using the flaw
- Deploy a reverse proxy or API gateway that refuses /reset and /new messages carrying an explicit sessionKey unless the caller holds operator.admin; this only works if the proxy can map the caller's credential to its scopes and read the sessionKey from the message
- Temporarily revoke operator.write from accounts that do not strictly need it until the patch is applied
- Monitor and alert on all session reset operations until the patch can be applied
# Example: restrict access to Gateway agent endpoints at the network level.
# 8080 is a placeholder; substitute the port your Gateway agent actually listens on,
# and place these rules ahead of any broader ACCEPT rule so the DROP takes effect.
iptables -A INPUT -p tcp --dport 8080 -s 10.0.0.0/24 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j DROP
# Note: this limits who can reach the agent; it does not stop an operator.write
# account that already sits inside the permitted network from exploiting the flaw.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.