How to fix CVE-2026-35660?

CVE-2026-35660

EUVD-2026-21466 HIGH

2026-04-10 VulnCheck

GHSA-wq58-2pvg-5h4f

7.2

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

EUVD ID Assigned

Apr 10, 2026 - 16:30 euvd

EUVD-2026-21466

Analysis Generated

Apr 10, 2026 - 16:30 vuln.today

Patch Released

Apr 10, 2026 - 16:30 nvd

Patch available

CVE Published

Apr 10, 2026 - 16:03 nvd

HIGH 7.2

Description

OpenClaw before 2026.3.23 contains an insufficient access control vulnerability in the Gateway agent /reset endpoint that allows callers with operator.write permission to reset admin sessions. Attackers with operator.write privileges can invoke /reset or /new messages with an explicit sessionKey to bypass operator.admin requirements and reset arbitrary sessions.

Analysis

Insufficient access control in OpenClaw Gateway agent allows authenticated attackers with operator.write permission to reset admin sessions without operator.admin authorization. By invoking /reset or /new endpoints with explicit sessionKey parameters, attackers bypass privilege requirements and terminate arbitrary administrative sessions, achieving high-impact session hijacking. …

Remediation

Within 24 hours: Inventory all OpenClaw Gateway deployments and confirm installed versions against 2026.3.23 baseline. Within 7 days: Apply vendor patch to upgrade all affected instances to OpenClaw 2026.3.23 or later; prioritize administrative and production environments. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +36

POC: 0

CVE-2026-35660 vulnerability details – vuln.today

Back

CVE-2026-35660

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Share

CVE-2026-35660

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Share

External POC / Exploit Code