Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
6.9
OpenClaw session tool visibility hardening and Telegram webhook secret fallback
CVE-2026-27004
GHSA-6hf3-mhgc-cm65
Summary
## Vulnerability
In some shared-agent deployments, OpenClaw session tools (`sessions_list`, `sessions_history`, `sessions_send`) allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in multi-user environments where peers are not ...
What to do
- Update steipete openclaw to version 2026.2.15.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| steipete | openclaw | <= 2026.2.15 | 2026.2.15 |
| openclaw | openclaw | <= 2026.2.15 | – |
Original title
OpenClaw session tool visibility hardening and Telegram webhook secret fallback
Original description
## Vulnerability
In some shared-agent deployments, OpenClaw session tools (`sessions_list`, `sessions_history`, `sessions_send`) allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in multi-user environments where peers are not equally trusted.
In Telegram webhook mode, monitor startup also did not fall back to per-account `webhookSecret` when only the account-level secret was configured.
## Typical Use Case Context
Most regular OpenClaw deployments run a single agent, or run in trusted environments. In those setups, practical risk from this issue is generally low.
## Impact
- Shared-agent, multi-user, less-trusted environments: session-tool access could expose transcript content across peer sessions.
- Single-agent or trusted environments: practical impact is limited.
- Telegram webhook mode: account-level secret wiring could be missed unless an explicit monitor webhook secret override was provided.
## Affected Packages / Versions
- Package: npm `openclaw`
- Affected versions: `<= 2026.2.14`
- Patched version: `2026.2.15` (planned next release)
## Remediation
- Add and enforce `tools.sessions.visibility` (`self | tree | agent | all`) across session tools, defaulting to `tree`.
- Keep sandbox clamping behavior so sandboxed runs can be restricted to spawned/session-tree visibility.
- Resolve Telegram webhook secret from account config fallback in monitor webhook startup.
## Fix Commit(s)
- `c6c53437f7da033b94a01d492e904974e7bda74c`
Thanks @aether-ai-agent for reporting.
In some shared-agent deployments, OpenClaw session tools (`sessions_list`, `sessions_history`, `sessions_send`) allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in multi-user environments where peers are not equally trusted.
In Telegram webhook mode, monitor startup also did not fall back to per-account `webhookSecret` when only the account-level secret was configured.
## Typical Use Case Context
Most regular OpenClaw deployments run a single agent, or run in trusted environments. In those setups, practical risk from this issue is generally low.
## Impact
- Shared-agent, multi-user, less-trusted environments: session-tool access could expose transcript content across peer sessions.
- Single-agent or trusted environments: practical impact is limited.
- Telegram webhook mode: account-level secret wiring could be missed unless an explicit monitor webhook secret override was provided.
## Affected Packages / Versions
- Package: npm `openclaw`
- Affected versions: `<= 2026.2.14`
- Patched version: `2026.2.15` (planned next release)
## Remediation
- Add and enforce `tools.sessions.visibility` (`self | tree | agent | all`) across session tools, defaulting to `tree`.
- Keep sandbox clamping behavior so sandboxed runs can be restricted to spawned/session-tree visibility.
- Resolve Telegram webhook secret from account config fallback in monitor webhook startup.
## Fix Commit(s)
- `c6c53437f7da033b94a01d492e904974e7bda74c`
Thanks @aether-ai-agent for reporting.
nvd CVSS3.1
5.5
nvd CVSS4.0
6.9
Vulnerability type
CWE-209
CWE-346
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026