CVE-2026-32919
Received Received - Intake
Authorization Bypass in OpenClaw Allows Unauthorized Session Reset

Publication date: 2026-03-29

Last updated on: 2026-03-31

Assigner: VulnCheck

Description
OpenClaw before 2026.3.11 contains an authorization bypass vulnerability allowing write-scoped callers to reach admin-only session reset logic. Attackers with operator.write scope can issue agent requests containing /new or /reset slash commands to reset targeted conversation state without holding operator.admin privileges.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-29
Last Modified
2026-03-31
Generated
2026-06-16
AI Q&A
2026-03-29
EPSS Evaluated
2026-06-14
NVD
CVE-2026-32919
EUVD
EUVD-2026-17001
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.3.11 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-863 The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Compliance Impact

The provided information does not specify any direct impact of CVE-2026-32919 on compliance with common standards and regulations such as GDPR or HIPAA.

Executive Summary

CVE-2026-32919 is an authorization bypass vulnerability in OpenClaw versions before 2026.3.11. It allows attackers who have the operator.write scopeβ€”but not operator.admin privilegesβ€”to execute admin-only session reset commands. Specifically, these attackers can send agent requests containing the "/new" or "/reset" slash commands to reset the state of targeted conversations. This happens because the authorization checks were only applied at the outer RPC method level, but the internal agent slash-command paths reused admin-only reset logic, enabling write-scoped users to bypass proper authorization and perform session resets without admin rights.

Impact Analysis

This vulnerability can impact you by allowing users with limited write permissions to reset conversation sessions that should only be resettable by administrators. This unauthorized session reset can disrupt ongoing conversations or workflows, potentially causing loss of session state or data integrity issues. The vulnerability has a moderate severity with a CVSS score of 6.1, indicating a significant impact on availability and integrity, though it does not affect confidentiality.

Detection Guidance

This vulnerability involves unauthorized use of the /new or /reset agent slash commands by users with operator.write scope to reset conversation sessions without admin privileges.

To detect exploitation attempts on your network or system, monitor agent requests for usage of the /new or /reset commands issued by users who only have operator.write privileges but not operator.admin privileges.

You can use network or application logs to identify such requests. For example, searching logs for agent requests containing the paths '/new' or '/reset' from non-admin users may indicate attempts to exploit this vulnerability.

Specific commands depend on your logging and monitoring setup, but example commands might include:

  • Using grep on log files: grep -E '/new|/reset' /path/to/openclaw/logs/*
  • Filtering logs for operator.write scoped users issuing these commands to detect unauthorized session resets.
Mitigation Strategies

The primary mitigation step is to upgrade OpenClaw to version 2026.3.11 or later, where the vulnerability has been fixed.

This update removes the routing of the /new and /reset commands through the admin-only sessions.reset entry point, preventing write-scoped users from bypassing authorization.

Until the upgrade can be applied, consider restricting or monitoring operator.write scoped users' ability to issue /new or /reset commands to prevent unauthorized session resets.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32919. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart