CVSS 4.0 score: 7.1

OpenClaw Gateway allows unauthorized session reset

GHSA-5r8f-96gm-5j6g
Summary

OpenClaw Gateway let a caller holding only the write scope (`operator.write`) reset a session by sending the `/reset` command through `chat.send`, even though direct session reset is an admin-only control-plane operation. A reset rotates the session id and archives the prior transcript, so a low-privilege gateway user who can send chat messages can reset and effectively take over a target session without admin scope. To fix this, update OpenClaw Gateway to version 2026.3.28 or later.

What to do
  • Update `openclaw` (listed under the GitHub Actions ecosystem) to version 2026.3.28 or later.
Affected software
| Vendor         | Product  | Affected versions | Fix available |
|----------------|----------|-------------------|---------------|
| GitHub Actions | openclaw | <= 2026.3.24      | 2026.3.28     |
Original title
OpenClaw Gateway `operator.write` can reach admin-only session reset via `chat.send` `/reset`
Original description
## Summary

The `chat.send` path reused command authorization to trigger `/reset` session rotation even though direct session reset is an admin-only control-plane operation.

## Impact

A write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id without admin scope.
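The two paragraphs above describe the gap: `chat.send` performs one write-scope check and then dispatches the `/reset` command with that same authorization, so the admin check that guards direct session reset is never reached. The following TypeScript is an added illustrative model of that gap beside its corrected form; it is not OpenClaw's code, and the scope names (`operator.write`, `operator.admin`), the `Session` shape, the `sess-N` id format and the slash-command parsing rule are all assumptions.

```typescript
// Added illustrative model of the authorization gap (not OpenClaw's code).
// Scope names, session shape and the "/reset" parsing rule are assumptions.

type Scope = "operator.read" | "operator.write" | "operator.admin";

interface Caller {
  id: string;
  scopes: ReadonlySet<Scope>;
}

interface Session {
  id: string;
  transcript: string[];   // live messages of the current session
  archived: string[][];   // transcripts of previously rotated sessions
}

class AuthzError extends Error {
  constructor(caller: Caller, needed: Scope) {
    super(`caller ${caller.id} lacks scope ${needed}`);
    this.name = "AuthzError";
  }
}

function requireScope(caller: Caller, needed: Scope): void {
  if (!caller.scopes.has(needed)) throw new AuthzError(caller, needed);
}

let rotations = 0;

// The rotation itself: archive the live transcript and issue a fresh session id.
function rotateSession(session: Session): Session {
  rotations += 1;
  return {
    id: `sess-${rotations}`,
    transcript: [],
    archived: [...session.archived, session.transcript],
  };
}

// Control-plane entry point: direct session reset is admin-only.
function sessionsReset(caller: Caller, session: Session): Session {
  requireScope(caller, "operator.admin");
  return rotateSession(session);
}

// Hypothetical slash-command parser: first whitespace-delimited token, case-insensitive.
function isResetCommand(text: string): boolean {
  const first = text.trim().split(/\s+/)[0] ?? "";
  return first.toLowerCase() === "/reset";
}

// VULNERABLE: a single write-scope check gates both plain messages and the
// /reset command, so the reset path never sees the admin check that
// sessionsReset enforces.
function chatSendVulnerable(caller: Caller, session: Session, text: string): Session {
  requireScope(caller, "operator.write");
  if (isResetCommand(text)) {
    return rotateSession(session);
  }
  session.transcript.push(text);
  return session;
}

// FIXED: route the command through the same entry point as the control-plane
// operation, so the admin scope is checked regardless of which path reached it.
function chatSendFixed(caller: Caller, session: Session, text: string): Session {
  requireScope(caller, "operator.write");
  if (isResetCommand(text)) {
    return sessionsReset(caller, session);
  }
  session.transcript.push(text);
  return session;
}

// Demo helper: does this caller manage to rotate a session through the given send path?
function resetSucceeds(
  send: (c: Caller, s: Session, t: string) => Session,
  caller: Caller,
): boolean {
  // Constructed sample session with one prior message.
  const session: Session = { id: "sess-0", transcript: ["hello"], archived: [] };
  try {
    const after = send(caller, session, " /Reset ");
    return after.id !== session.id && after.archived.length === 1;
  } catch (e) {
    if (e instanceof AuthzError) return false;
    throw e;
  }
}

// Constructed callers: a write-scoped operator and an admin.
const writer: Caller = { id: "writer", scopes: new Set<Scope>(["operator.write"]) };
const admin: Caller = { id: "admin", scopes: new Set<Scope>(["operator.write", "operator.admin"]) };
```

The point of the fixed variant is structural rather than a one-off check: every path that can cause a session rotation funnels through `sessionsReset`, so the admin requirement cannot be bypassed by reaching the same effect through a different method. When auditing similar gateways, look for any RPC method that parses commands out of a message body and dispatches them with the authorization of the outer method only.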

## Affected Component

- `src/gateway/server-methods/chat.ts`
- `src/auto-reply/reply/session.ts`

## Fixed Versions

- Affected: `<= 2026.3.24`
- Patched: `>= 2026.3.28`
- Latest stable `2026.3.28` contains the fix.

## Fix

Fixed by commit `be00fcfccb` (`Gateway: align chat.send reset scope checks`).
Severity (GHSA, CVSS 4.0): 7.1
Vulnerability type
CWE-284 Improper Access Control
CWE-863 Incorrect Authorization
Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026