Security Advisory

CVE-2026-35660

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-10 16:03:21

Last updated 2026-04-13 17:41:32

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey to bypass operator.admin requirements and reset arbitrary sessions.

← Browse all CVEs View on cve.org ↗