
OpenClaw: Gateway Plugin Subagent Fallback `deleteSession` Uses Synthetic `operator.admin`

High severity GitHub Reviewed Published Mar 26, 2026 in openclaw/openclaw • Updated Mar 29, 2026

Package

npm openclaw (npm)

Affected versions

<= 2026.3.24

Patched versions

2026.3.28

Description

Summary

Gateway Plugin Subagent Fallback deleteSession Uses Synthetic operator.admin

Affected Packages / Versions

  • Package: openclaw
  • Affected versions: <= 2026.3.24
  • First patched version: 2026.3.25
  • Latest published npm version at verification time: 2026.3.24

Details

The gateway plugin subagent fallback `deleteSession` previously dispatched `sessions.delete` with a synthetic `operator.admin` runtime scope whenever no request-scoped client existed. Because the delete was authorized against that minted scope rather than the caller's own, the fallback path ran session deletion with administrative authority regardless of what the caller was actually entitled to do. Commit b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7 binds the deletion to the caller's scope instead of minting admin scope.

Verified vulnerable on tag v2026.3.24 and fixed on main by commit b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7.
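The following TypeScript is an added illustration of the pattern described above; it is not OpenClaw's code and does not reproduce the project's real gateway, plugin, or session types. Only the method name `sessions.delete` and the scope name `operator.admin` come from the advisory; `ToyGateway`, `ClientContext`, `operator.write`, the session keys, and the two `deleteSession*` functions are hypothetical names invented for the example. It shows a delete handler that authorizes purely on the runtime scope attached to the request, a fallback that mints an admin scope when no caller context exists (the "before"), and a fallback that binds deletion to the caller's scope and denies when there is none (the "after").

```typescript
// Added illustration (not OpenClaw's code): a toy gateway whose
// sessions.delete handler authorizes against the scope carried by the
// dispatched request, showing why a fallback that fabricates
// "operator.admin" bypasses that check and how binding to the caller's
// own scope closes it. All names except sessions.delete and
// operator.admin are hypothetical.

type Scope = "operator.admin" | "operator.write";

// Hypothetical request-scoped client context.
interface ClientContext {
  clientId: string;
  scopes: Scope[];
}

interface Session {
  key: string;
  ownerClientId: string;
}

interface DeleteResult {
  ok: boolean;
  reason: string;
}

class ToyGateway {
  private sessions = new Map<string, Session>();

  constructor(seed: Session[]) {
    for (const s of seed) this.sessions.set(s.key, s);
  }

  has(key: string): boolean {
    return this.sessions.has(key);
  }

  // Hypothetical sessions.delete handler. The authorization decision is
  // made only from the runtime scope attached to the request: admins may
  // delete anything, a writer may delete sessions it owns. The handler has
  // no way to tell a real admin from a synthetic one.
  dispatchSessionsDelete(key: string, ctx: ClientContext): DeleteResult {
    const s = this.sessions.get(key);
    if (!s) return { ok: false, reason: "no such session" };
    const isAdmin = ctx.scopes.includes("operator.admin");
    const isOwner =
      s.ownerClientId === ctx.clientId && ctx.scopes.includes("operator.write");
    if (!isAdmin && !isOwner) return { ok: false, reason: "forbidden" };
    this.sessions.delete(key);
    return { ok: true, reason: "deleted" };
  }
}

// "Before": with no request-scoped client, the fallback mints an admin
// context, so any path that reaches it can delete any session.
function deleteSessionVulnerable(
  gw: ToyGateway,
  key: string,
  ctx?: ClientContext,
): DeleteResult {
  const effective: ClientContext = ctx ?? {
    clientId: "synthetic",
    scopes: ["operator.admin"], // the privilege the caller never held
  };
  return gw.dispatchSessionsDelete(key, effective);
}

// "After": deletion is bound to the caller's own scope. With no caller
// context there is nothing to authorize against, so the request is denied
// rather than escalated.
function deleteSessionFixed(
  gw: ToyGateway,
  key: string,
  ctx?: ClientContext,
): DeleteResult {
  if (!ctx) return { ok: false, reason: "no caller scope" };
  return gw.dispatchSessionsDelete(key, ctx);
}

// Constructed sample state: two sessions owned by different clients.
function makeGateway(): ToyGateway {
  return new ToyGateway([
    { key: "agent:main:alice", ownerClientId: "alice" },
    { key: "agent:main:bob", ownerClientId: "bob" },
  ]);
}

// Runs the four cases a reviewer would want to see side by side.
function demo(): Record<string, DeleteResult> {
  const bob: ClientContext = { clientId: "bob", scopes: ["operator.write"] };
  const before = makeGateway();
  const after = makeGateway();
  return {
    vulnerableNoCtx: deleteSessionVulnerable(before, "agent:main:alice"),
    fixedNoCtx: deleteSessionFixed(after, "agent:main:alice"),
    fixedWrongOwner: deleteSessionFixed(after, "agent:main:alice", bob),
    fixedOwner: deleteSessionFixed(after, "agent:main:bob", bob),
  };
}
```

The check that matters when reviewing a fix like this is the second case: a missing caller context must produce a denial, not a default. Any fallback that substitutes a privileged identity for an absent one turns "we do not know who is asking" into "an administrator is asking".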

Fix Commit(s)

  • b5d785f1a59a56c3471f2cef328f7c9a6c15f3e7

References

@steipete steipete published to openclaw/openclaw Mar 26, 2026
Published to the GitHub Advisory Database Mar 29, 2026
Reviewed Mar 29, 2026
Last updated Mar 29, 2026

Severity

High

Weaknesses

Incorrect Privilege Assignment (CWE-266)

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Incorrect Authorization (CWE-863)

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

CVE ID

No known CVE

GHSA ID

GHSA-h4jx-hjr3-fhgc
