← voltar
CVE-2026-41356

OpenClaw < 2026.3.31 - Incomplete WebSocket Session Termination in device.token.rotate

CVSS 2.3 LOWEPSS 0.2%CWE-613
OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/openclaw/openclaw/commit/91f7a6b0fd67b703897e6e307762d471ca09333dhttps://github.com/openclaw/openclaw/security/advisories/GHSA-rfqg-qgf8-xr9xhttps://www.vulncheck.com/advisories/openclaw-incomplete-websocket-session-termination-in-device-token-rotate