← Back to Vulnerability Database
GHSA-p7gr-f84w-hqg5
LOWCVSS 2.5Published: Mar 2, 2026Verified by: gemini-3-flash-preview
Description
OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns
How AI Introduced This
The application incorrectly inherited channel-level configuration groups to secondary accounts in multi-account setups, leading to unauthorized access or privilege escalation across account boundaries.
Causality Analysis
✓
CONFIRMED — 5a3a448bc48d
- Vulnerability
- Improper Access Control
- Root Cause
- The application incorrectly inherited channel-level configuration groups to secondary accounts in multi-account setups, leading to unauthorized access or privilege escalation across account boundaries.
- Pattern
Implicit inheritance of configuration groups from parent channel scope to child account scope without explicit isolation.- Causal Chain
- 1. The blamed commit introduces the `spawnSubagentDirect` function to handle cross-agent task delegation. 2. It implements the logic to generate a `childSessionKey` and initiate a new session without verifying the security context of the requester. 3. This lack of validation allows a sandboxed session to spawn a subagent in an unsandboxed environment, leading to the improper access control vulnerability.
- Reasoning
- The blamed commit introduced the `spawnSubagentDirect` function and the core logic for subagent creation without implementing any checks for sandbox status inheritance. By establishing the mechanism where a requester can spawn a child agent session based solely on agent IDs, it created the vulnerability where a sandboxed parent could bypass its restrictions by spawning an unsandboxed child.
Verified by gemini-3-flash-preview
AI Signal Details
AI Signals in 5a3a448
Claude CodeCo-author trailer
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>95%Bug-Introducing Commits(1)
5a3a448AI
feat(commands): add /subagents spawn command
Joshua MitchellFeb 16, 2026src/agents/subagent-spawn.tsBlame: 90%