Authorization bypass through user-controlled key in OpenClaw - #VU129451
Published: May 4, 2026
OpenClaw
Detailed vulnerability description
The vulnerability allows a remote user to inject messages into chosen sessions.
The vulnerability exists due to authorization bypass through a user-controlled key in the POST /hooks/agent endpoint when processing authenticated hook requests with externally supplied sessionKey values. A remote user can send a specially crafted request with a chosen sessionKey to inject messages into chosen sessions.
Exploitation requires a valid hook token, request-selected session keys to be accepted, and target session keys to be derivable or guessable.