← voltar
CVE-2026-42421

OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rotation

CVSS 2.3 LOWEPSS 0.2%CWE-613
OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token sessions.
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
Produtos afetados
OpenClaw · OpenClaw

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3f-885m-v22whttps://www.vulncheck.com/advisories/openclaw-websocket-session-persistence-via-shared-gateway-token-rotation