The chat.send path reused command authorization to trigger /reset session rotation even though direct session reset is an admin-only control-plane operation.
A write-scoped gateway caller could rotate a target session, archive the prior transcript state, and force a new session id without admin scope.
src/gateway/server-methods/chat.ts, src/auto-reply/reply/session.ts
<= 2026.3.24>= 2026.3.282026.3.28 contains the fix.Fixed by commit be00fcfccb (Gateway: align chat.send reset scope checks).
2026.3.28Exploitability
AV:NAC:LAT:NPR:LUI:NVulnerable System
VC:NVI:HVA:LSubsequent System
SC:NSI:NSA:N7.1/CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N