CVE-2026-27004
February 19, 2026
OpenClaw is a personal AI assistant. Prior to version 2026.2.15, in some shared-agent deployments, OpenClaw session tools ("sessions_list", "sessions_history", "sessions_send") allowed broader session targeting than some operators intended. This is primarily a configuration/visibility-scoping issue in multi-user environments where peers are not equally trusted. In Telegram webhook mode, monitor startup also did not fall back to per-account "webhookSecret" when only the account-level secret was configured. In shared-agent, multi-user, less-trusted environments: session-tool access could expose transcript content across peer sessions. In single-agent or trusted environments, practical impact is limited. In Telegram webhook mode, account-level secret wiring could be missed unless an explicit monitor webhook secret override was provided. Version 2026.2.15 fixes the issue.
Affected Packages
https://github.com/openclaw/openclaw.git (GITHUB):
Affected version(s) >=v2026.1.5-1 <v2026.2.15Fix Suggestion:
Update to version v2026.2.15openclaw (NPM):
Affected version(s) >=0.0.1 <2026.2.15Fix Suggestion:
Update to version 2026.2.15Related ResourcesĀ (4)
Do you need more information?
Contact UsCVSS v4
Base Score:
6.9
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.2
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
NONE
Availability
NONE
