Before v2026.3.23, the Gateway agent RPC accepted /reset and /new for callers with only operator.write, even though the direct sessions.reset RPC correctly requires operator.admin.
openclaw (npm)< 2026.3.23>= 2026.3.23v2026.3.23-2 (630f1479c44f78484dfa21bb407cbe6f171dac87)2026.3.23-2The vulnerable path lived in src/gateway/server-methods/agent.ts. A /reset or /new message with an explicit sessionKey reached performGatewaySessionReset(...) without enforcing the same operator.admin guard used by sessions.reset.
50f6a2f136fed85b58548a38f7a3dbb98d2cd1a0 — fix(gateway): require admin for agent session resetThe fix commit is contained in released tags v2026.3.23 and v2026.3.23-2. The latest shipped tag and npm release both include the fix.
src/gateway/server-methods/agent.ts now rejects /reset and /new for callers that do not have operator.admin before calling performGatewaySessionReset(...).src/gateway/server-methods/agent.test.ts contains the regression test rejects /reset for write-scoped gateway callers.Thanks @smaeljaish771 for reporting.
| Score | Percentile |
|---|---|
| 0.04% | 13.61% |
| Base score | Version | Severity | Vector |
|---|---|---|---|
| 7.1 | 4.0 | — |
|
| Type | Value |
|---|---|
| GHSA | GHSA-wq58-2pvg-5h4f ↗ |
| CVE | CVE-2026-35660 ↗ |
| CWE id | Name |
|---|---|
| CWE-862 | Missing Authorization |
Vulnerable version ranges and first patched releases as published by GitHub.
| Ecosystem | Package | Vulnerable range | First patched | Vulnerable functions |
|---|---|---|---|---|
| npm | openclaw | < 2026.3.23 | 2026.3.23 | — |