
CVE-2026-35660: High Vulnerability in OpenClaw

CVE-2026-35660 describes a high-severity missing-authorization vulnerability in OpenClaw that lets a caller holding only operator.write reset admin sessions. Organizations running affected versions should prioritize patching to limit the exposure.

HIGH · CVSS 7.2 · Published April 10, 2026


CVE-2026-35660 is a high-severity vulnerability in OpenClaw before version 2026.3.23. It is a missing-authorization issue in the Gateway agent's /reset endpoint: a caller holding only operator.write can reset arbitrary admin sessions by invoking /reset or /new with an explicit sessionKey, bypassing the operator.admin check that should gate that operation. The practical effect is that a low-privilege operator can wipe the state of sessions it does not own, including admin sessions.

The CVSS score of 7.2 places the issue in the high band. The score reflects the impact on the integrity and availability of sessions hosted by an affected OpenClaw Gateway rather than any disclosure of their contents. Organizations using OpenClaw should treat it with urgency.

The risk to organizations is unauthorized session resets: an attacker with a low-privilege operator credential can clear an admin session's context at will, disrupting administrative work and destroying whatever state that session held. Nothing in the advisory indicates that the flaw grants read access to admin session contents or elevates the caller to operator.admin; the impact is loss of control over the lifecycle of sessions the caller should not be able to touch.

Organizations should prioritize patching. OpenClaw 2026.3.23 addresses this vulnerability, and timely remediation is the only complete fix.

Vulnerability Details

The official description from the CVE report states that OpenClaw prior to version 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint, allowing callers with operator.write permission to reset admin sessions. The weakness is classified as CWE-862 (Missing Authorization): a privileged operation is reachable without the check that should gate it.

The CVSS score of 7.2 (high) is derived from an attack vector of NETWORK, low attack complexity, and low privileges required. The integrity impact is high, because a caller can reset sessions it is not authorized to touch, and the availability impact is high, because those resets disrupt the affected sessions. Confidentiality impact is not the driver of the score.

The vulnerability was published on April 10, 2026, and remains a current concern for organizations running affected versions of OpenClaw.

Technical Analysis

The root cause of CVE-2026-35660 is a missing authorization check in the Gateway agent. The /reset endpoint verifies that the caller holds operator.write but does not verify that the caller is authorized for the session the request targets: when the request carries an explicit sessionKey, the endpoint honours it without confirming that the caller holds operator.admin. An attacker with operator.write can therefore name an admin session in sessionKey and reset it, sidestepping the administrative requirement.
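The following is an added example, not OpenClaw's own code, that models the authorization gap described above in TypeScript (OpenClaw's language). The scope strings operator.write and operator.admin are taken from the advisory; the request shape, the session store, the notion of a caller's own session and the handler names are assumptions made for illustration. The vulnerable handler stops at the operator.write check and honours any sessionKey; the hardened handler resolves the target session first and requires operator.admin whenever the request crosses into another caller's session or an admin session.

```typescript
// Added example, not OpenClaw's code. Scope names come from the advisory; the
// request shape, session store and handler names are assumptions for illustration.

type Scope = "operator.read" | "operator.write" | "operator.admin";

interface Caller {
  id: string;
  scopes: Set<Scope>;
  ownSessionKey: string; // session the caller operates on when no sessionKey is given (assumption)
}

interface AgentRequest {
  message: string;      // chat-style command such as "/reset" or "/new" (assumption)
  sessionKey?: string;  // optional explicit target session
}

interface Session {
  key: string;
  isAdmin: boolean;
  turns: string[];      // conversation state that a reset clears
}

class AuthorizationError extends Error {}

const RESET_COMMANDS = new Set(["/reset", "/new"]);

function isResetCommand(message: string): boolean {
  // Only the leading token matters; both commands clear the session.
  const token = message.trim().split(/\s+/)[0];
  return RESET_COMMANDS.has(token);
}

// Vulnerable shape: checks only that the caller may write, then trusts whatever
// sessionKey the caller supplied. Any operator.write holder can clear an admin session.
function resetVulnerable(caller: Caller, req: AgentRequest, sessions: Map<string, Session>): Session {
  if (!caller.scopes.has("operator.write")) {
    throw new AuthorizationError("operator.write required");
  }
  const key = req.sessionKey ?? caller.ownSessionKey;
  const session = sessions.get(key);
  if (!session) throw new Error(`unknown session ${key}`);
  if (isResetCommand(req.message)) session.turns = [];
  return session;
}

// Hardened shape: resolve the target first, then derive the required scope from what
// the request actually touches. Resetting another caller's session, or any admin
// session, is an admin operation regardless of how the target was named.
function resetHardened(caller: Caller, req: AgentRequest, sessions: Map<string, Session>): Session {
  if (!caller.scopes.has("operator.write")) {
    throw new AuthorizationError("operator.write required");
  }
  const key = req.sessionKey ?? caller.ownSessionKey;
  const session = sessions.get(key);
  if (!session) throw new Error(`unknown session ${key}`);
  const crossesSession = key !== caller.ownSessionKey;
  if ((crossesSession || session.isAdmin) && !caller.scopes.has("operator.admin")) {
    throw new AuthorizationError(`operator.admin required to reset session ${key}`);
  }
  if (isResetCommand(req.message)) session.turns = [];
  return session;
}

// Constructed scenario: a caller with only operator.write targets the admin session.
function demo(): { vulnerableCleared: boolean; hardenedBlocked: boolean } {
  const makeSessions = () => new Map<string, Session>([
    ["agent:main", { key: "agent:main", isAdmin: true, turns: ["admin turn 1", "admin turn 2"] }],
    ["operator:bob", { key: "operator:bob", isAdmin: false, turns: ["bob turn 1"] }],
  ]);
  const bob: Caller = { id: "bob", scopes: new Set<Scope>(["operator.write"]), ownSessionKey: "operator:bob" };
  const req: AgentRequest = { message: "/reset", sessionKey: "agent:main" };

  const s1 = makeSessions();
  resetVulnerable(bob, req, s1);
  const vulnerableCleared = s1.get("agent:main")!.turns.length === 0;

  const s2 = makeSessions();
  let hardenedBlocked = false;
  try {
    resetHardened(bob, req, s2);
  } catch (e) {
    hardenedBlocked = e instanceof AuthorizationError;
  }
  return { vulnerableCleared, hardenedBlocked };
}

console.log(demo()); // vulnerable handler clears the admin session; hardened handler refuses
```

The design point is ordering: authorization has to be decided against the resolved target, not against the caller's generic scope. A check that runs before the sessionKey is read cannot know that the request crosses a trust boundary.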

The attack vector is NETWORK: anyone who can reach the Gateway with a credential carrying operator.write can trigger the flaw, with no local or physical access. Attack complexity is low, as no race, special configuration or guesswork is involved. Privileges required are low, since operator.write is the kind of scope routinely issued to ordinary operators rather than to administrators.

No user interaction is required. The confidentiality impact is minimal, but the integrity and availability impacts are high: an unauthorized reset destroys the targeted session's state and takes it away from the administrator who was using it.

Risk & Impact Analysis

The real-world deployment risk is significant. Organizations running OpenClaw should assume that any holder of an operator.write credential can disrupt admin sessions. The blast radius covers every Gateway running a version prior to 2026.3.23, and grows with the number of distinct parties that have been issued operator.write tokens.

Given the high CVSS score and the low bar for exploitation, organizations should address this issue in their priority patch cycle; leaving it open invites disruption of administrative work.

Signal               Status
Known Exploit        No
Public PoC           No
Actively Exploited   No
Ransomware Use       No

Affected Versions

The vulnerability affects all versions of OpenClaw prior to 2026.3.23. Organizations running those versions should upgrade to 2026.3.23 or later.

Mitigation & Remediation

To remediate this vulnerability, apply the OpenClaw release that fixes it: version 2026.3.23 or later. If the upgrade cannot be applied immediately, reduce the precondition for exploitation by limiting which callers hold operator.write, revoking or rotating operator.write tokens issued to parties that no longer need them, and monitoring the Gateway agent's /reset and /new invocations for requests that name a session other than the caller's own. These are compensating controls only; the missing authorization check is in the Gateway itself and is closed only by the patch.

For ongoing protection, include authorization tests for every privileged operation in regular security testing, so that a check that stops at a generic write scope is caught before release. Penetration testing that deliberately exercises low-privilege credentials against administrative endpoints is the most direct way to find this class of weakness.

Detection Guidance

Monitor Gateway agent logs for /reset and /new invocations that carry an explicit sessionKey, and alert when the key names a session other than the caller's own and the caller lacks operator.admin. Bursts of reset commands from a single operator.write credential are a second signal worth alerting on. Network signatures help only where Gateway traffic is visible in plaintext at the sensor; application-level logging at the Gateway is the more reliable source.
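The following is an added example, not OpenClaw's code, that implements the two detections above in TypeScript over constructed log lines. The JSON log shape (one event per line with ts, callerId, scopes, message, sessionKey and defaultSessionKey fields) is an assumption; map the field names to whatever your Gateway actually emits. It flags reset commands that name another session from a caller without operator.admin, and reset bursts from one caller within a one-minute window.

```typescript
// Added example, not OpenClaw's code. The log record shape and field names are
// assumptions; adapt them to the Gateway's real log format.

interface GatewayLogEvent {
  ts: string;                 // ISO-8601 timestamp
  callerId: string;
  scopes: string[];           // scopes attached to the caller's credential
  message: string;            // chat-style command or prompt sent to the agent
  sessionKey?: string;        // explicit target session, if the request carried one
  defaultSessionKey: string;  // session the caller would hit without an explicit key
}

interface Alert { rule: string; ts: string; callerId: string; sessionKey: string; detail: string }

const RESET_COMMANDS = new Set(["/reset", "/new"]);
const BURST_WINDOW_MS = 60_000;
const BURST_THRESHOLD = 3;

function isReset(message: string): boolean {
  return RESET_COMMANDS.has(message.trim().split(/\s+/)[0]);
}

// One JSON object per line; malformed lines are skipped rather than aborting the run.
function parseLogLines(raw: string): GatewayLogEvent[] {
  return raw.split("\n").map(l => l.trim()).filter(l => l.length > 0).flatMap(l => {
    try { return [JSON.parse(l) as GatewayLogEvent]; } catch { return []; }
  });
}

function detectSuspiciousResets(events: GatewayLogEvent[]): Alert[] {
  const alerts: Alert[] = [];
  const recent = new Map<string, number[]>(); // callerId -> reset timestamps within the window
  for (const ev of events) {
    if (!isReset(ev.message)) continue;
    const t = Date.parse(ev.ts);
    const target = ev.sessionKey ?? ev.defaultSessionKey;

    // Rule 1: reset of a session other than the caller's own, without operator.admin.
    const crossesSession = ev.sessionKey !== undefined && ev.sessionKey !== ev.defaultSessionKey;
    if (crossesSession && !ev.scopes.includes("operator.admin")) {
      alerts.push({ rule: "cross-session-reset-without-admin", ts: ev.ts, callerId: ev.callerId,
        sessionKey: target, detail: `${ev.message.trim()} targeted ${target}; scopes=${ev.scopes.join(",")}` });
    }

    // Rule 2: reset burst from one caller. Fires once, when the threshold is first reached.
    const window = (recent.get(ev.callerId) ?? []).filter(x => t - x < BURST_WINDOW_MS);
    window.push(t);
    recent.set(ev.callerId, window);
    if (window.length === BURST_THRESHOLD) {
      alerts.push({ rule: "reset-burst", ts: ev.ts, callerId: ev.callerId, sessionKey: target,
        detail: `${BURST_THRESHOLD} reset commands within ${BURST_WINDOW_MS / 1000}s` });
    }
  }
  return alerts;
}

// Constructed sample log: an admin reset, a self-reset, three cross-session resets from a
// write-only operator, an ordinary prompt, and one malformed line.
const SAMPLE_LOG = `
{"ts":"2026-04-11T10:00:00Z","callerId":"alice","scopes":["operator.admin","operator.write"],"message":"/reset","sessionKey":"agent:main","defaultSessionKey":"operator:alice"}
{"ts":"2026-04-11T10:00:05Z","callerId":"bob","scopes":["operator.write"],"message":"/reset","defaultSessionKey":"operator:bob"}
{"ts":"2026-04-11T10:00:10Z","callerId":"bob","scopes":["operator.write"],"message":"/reset","sessionKey":"agent:main","defaultSessionKey":"operator:bob"}
{"ts":"2026-04-11T10:00:12Z","callerId":"bob","scopes":["operator.write"],"message":"hello there","defaultSessionKey":"operator:bob"}
{"ts":"2026-04-11T10:00:15Z","callerId":"bob","scopes":["operator.write"],"message":"/new","sessionKey":"agent:main","defaultSessionKey":"operator:bob"}
this line is not json and is skipped
{"ts":"2026-04-11T10:02:00Z","callerId":"bob","scopes":["operator.write"],"message":"/reset","sessionKey":"agent:main","defaultSessionKey":"operator:bob"}
`;

function runDetection(): Alert[] {
  return detectSuspiciousResets(parseLogLines(SAMPLE_LOG));
}

for (const a of runDetection()) console.log(`${a.ts} ${a.rule} caller=${a.callerId} ${a.detail}`);
```

On the sample, alice's reset of agent:main is silent because she holds operator.admin, bob's reset of his own session is silent, and bob's three resets of agent:main each raise the cross-session rule; the burst rule fires once at the third reset within the minute and not again for the later one outside the window.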

AppSecure Threat Intelligence Insight

CVE-2026-35660 is a reminder that authorization must be checked against the object a request targets, not only against the caller's generic scope. Missing authorization on privileged operations remains one of the most common weaknesses across platforms, which is why authorization testing belongs in every development cycle.

Organizations should use this finding to tighten their own review of privileged endpoints and to confirm that similar gaps do not exist elsewhere. For guidance on structuring that work, see the best practices outlined in our vulnerability management program design.

Continuous security testing reduces the window in which a flaw like this stays exposed. Our resources on penetration testing methodology describe how to exercise administrative endpoints with low-privilege credentials as part of that testing.

Finally, red teaming that simulates an insider or a compromised low-privilege operator credential is a realistic way to measure how much damage an operator.write holder could do in a given deployment.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
