
OpenClaw: Unauthorized users can reset conversation state

GHSA-jf6w-m8jw-jfxc
Summary

An authorization flaw in OpenClaw lets gateway callers that hold the `operator.write` scope, but not `operator.admin`, reset conversation state through `agent` slash commands, a mutation that is meant to be admin-only. This is fixed in version 2026.3.11. To stay secure, update to this version or later.

What to do
  • Update openclaw to version 2026.3.11 or later.
Affected software
  • Product: openclaw (npm package); vendor not listed
  • Affected versions: <= 2026.3.8 (as stated in the original advisory below; the fixed release itself is not affected)
  • Fix available: 2026.3.11
Original title
OpenClaw: Write-scoped callers could reach admin-only session reset logic through `agent`
Original description
## Summary
In affected versions of `openclaw`, a gateway caller with `operator.write` could issue `agent` requests containing `/new` or `/reset` and reach the same reset path used by the admin-only `sessions.reset` RPC.

## Impact
On gateways where a caller is intentionally granted `operator.write` but not `operator.admin`, that caller could reset targeted conversation state through `agent` slash commands. This crosses the documented method-scope boundary between write-scoped messaging and admin-only session mutation.

## Affected Packages and Versions
- Package: `openclaw` (npm)
- Affected versions: `<= 2026.3.8`
- Fixed in: `2026.3.11`

## Technical Details
Scope checks were enforced only on the outer RPC method. The `agent` slash-command path reused admin-only reset logic internally, so a write-scoped caller could reach session-reset mutation without holding `operator.admin`.

## Fix
OpenClaw no longer routes conversation `/new` and `/reset` through the admin-only `sessions.reset` entry point. Reset logic now lives in a shared service, while `sessions.reset` remains admin-only. The fix shipped in `openclaw@2026.3.11`.
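The two paragraphs above (Technical Details and Fix) describe the same CWE-863 shape: a scope check performed once on the outer RPC method, with an inner reset path that trusts whoever reaches it. The following is an added example, not OpenClaw's code: a hypothetical gateway dispatcher with the vulnerable shape beside a hardened one in which the reset mutation is authorized inside the shared service, so every entry point is subject to the same check. The `sessions.reset` and `agent` method names and the `operator.write` / `operator.admin` scopes are taken from the advisory; the session store, the `append` operation, and the handler code are constructed for illustration. The hardened version requires `operator.admin` for any session reset, which matches the documented boundary; the advisory does not spell out exactly how the fixed release treats `/new` for write-scoped callers.

```javascript
// Added example, not OpenClaw's code: a minimal model of a gateway RPC
// dispatcher showing the CWE-863 pattern in the advisory. Method and scope
// names mirror the advisory; session store and handlers are constructed.

// Constructed conversation state: session id -> list of messages.
function makeSessions() {
  return new Map([["main", ["hi", "there"]], ["other", ["x"]]]);
}

function hasScope(caller, scope) {
  return caller.scopes.includes(scope);
}

// Vulnerable shape: the scope check runs once, keyed on the outer RPC method
// name. The reset logic itself trusts whoever calls it.
function vulnerableGateway(sessions) {
  function resetSession(id) {
    sessions.set(id, []);
    return { reset: id };
  }
  const methods = {
    "sessions.reset": {
      scope: "operator.admin",
      handler: (p) => resetSession(p.sessionId),
    },
    agent: {
      scope: "operator.write",
      handler: (p) => {
        // Slash commands are routed into the same internal reset path the
        // admin-only RPC uses, so the write scope is enough to reach it.
        if (p.message === "/new" || p.message === "/reset") {
          return resetSession(p.sessionId);
        }
        sessions.get(p.sessionId).push(p.message);
        return { appended: p.sessionId };
      },
    },
  };
  return (caller, method, params) => {
    const m = methods[method];
    if (!m) throw new Error("unknown method " + method);
    if (!hasScope(caller, m.scope)) throw new Error("forbidden: " + method);
    return m.handler(params);
  };
}

// Hardened shape: the mutation is authorized where it happens, in a shared
// service that every entry point must go through. Session reset always
// requires operator.admin here (hypothetical policy, see lead-in).
function hardenedGateway(sessions) {
  const service = {
    reset(caller, id) {
      if (!hasScope(caller, "operator.admin")) throw new Error("forbidden: reset");
      sessions.set(id, []);
      return { reset: id };
    },
    append(caller, id, message) {
      if (!hasScope(caller, "operator.write")) throw new Error("forbidden: append");
      sessions.get(id).push(message);
      return { appended: id };
    },
  };
  const methods = {
    "sessions.reset": (c, p) => service.reset(c, p.sessionId),
    agent: (c, p) =>
      p.message === "/new" || p.message === "/reset"
        ? service.reset(c, p.sessionId)
        : service.append(c, p.sessionId, p.message),
  };
  return (caller, method, params) => {
    const m = methods[method];
    if (!m) throw new Error("unknown method " + method);
    return m(caller, params);
  };
}

// Drive both dispatchers with a write-scoped caller issuing "/reset".
// Returns whether the vulnerable gateway was bypassed, whether the hardened
// one refused, and how many messages survive in the hardened store.
function demo() {
  const writer = { scopes: ["operator.write"] };

  const vulnSessions = makeSessions();
  const vuln = vulnerableGateway(vulnSessions);
  let directDenied = false;
  try { vuln(writer, "sessions.reset", { sessionId: "main" }); }
  catch (e) { directDenied = /forbidden/.test(e.message); }
  vuln(writer, "agent", { sessionId: "main", message: "/reset" });
  const bypassed = directDenied && vulnSessions.get("main").length === 0;

  const hardSessions = makeSessions();
  const hard = hardenedGateway(hardSessions);
  let blocked = false;
  try { hard(writer, "agent", { sessionId: "main", message: "/reset" }); }
  catch (e) { blocked = /forbidden/.test(e.message); }
  return { bypassed, blocked, remaining: hardSessions.get("main").length };
}

if (typeof require !== "undefined" && require.main === module) console.log(demo());
```

The point of the hardened shape is that the authorization decision is attached to the operation rather than to the route name: a new entry point (another RPC, a slash command, an internal job) cannot reach the reset without passing the same check, which is what a per-method table cannot guarantee.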

## Workarounds
The advisory gives no workaround other than upgrading to `2026.3.11` or later. Until you can upgrade, note that exposure is limited to callers you have deliberately granted `operator.write` without `operator.admin`, so review that set of grants on each affected gateway.
Severity: CVSS 3.1 base score 6.1 (source: GHSA)
Vulnerability type
CWE-863 Incorrect Authorization
Published: 13 Mar 2026 · Updated: 14 Mar 2026 · First seen: 13 Mar 2026