PT-2026-35798 · Openclaw · Openclaw
Kexna
·
Published
2026-04-28
·
Updated
2026-04-28
·
CVE-2026-41916
CVSS v3.1
5.4
Medium
| AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N |
OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through config reload operations.
Fix
Insufficient Session Expiration
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Openclaw