Vulnerabilities

CVE-2026-41356

by Fred · 23/04/2026

OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation.

More information : https://github.com/openclaw/openclaw/commit/91f7a6b0fd67b703897e6e307762d471ca09333d

Similar

Tags: Cybersecurity Alert