GHSA-4w7m-58cg-cmff: OpenClaw: Leaf subagents could steer sibling sessions across sandbox boundaries

March 13, 2026

In affected versions of openclaw, sandboxed leaf subagents could still access the subagents control surface and resolve against the parent requester scope instead of remaining confined to their own session tree.

References

github.com/advisories/GHSA-4w7m-58cg-cmff
github.com/openclaw/openclaw
github.com/openclaw/openclaw/releases/tag/v2026.3.11
github.com/openclaw/openclaw/security/advisories/GHSA-4w7m-58cg-cmff

Code Behaviors & Features

Detect and mitigate GHSA-4w7m-58cg-cmff with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →