PT-2026-34787 · Openclaw · Openclaw
Keensecuritylab
·
Published
2026-04-03
·
Updated
2026-04-25
·
CVE-2026-41356
CVSS v3.1
5.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
OpenClaw versions prior to 2026.3.31
Description
The software fails to terminate active WebSocket sessions during the rotation of device tokens. This allows attackers who possess previously compromised credentials to maintain unauthorized access via existing WebSocket connections even after the tokens have been rotated.
Recommendations
Update to version 2026.3.31.
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw