Security Advisory

CVE-2026-35657

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-10 16:03:19

Last updated 2026-04-14 14:28:51

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in the HTTP /sessions/:sessionKey/history route that skips operator.read scope validation. Attackers can access session history without proper operator read permissions by sending HTTP requests to the vulnerable endpoint.

← Browse all CVEs View on cve.org ↗