CVE-2026-43585

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.15

Description The software captures resolved bearer-auth configuration during startup, which allows revoked tokens to remain valid after a SecretRef rotation. The Gateway HTTP and WebSocket handlers do not re-resolve authentication for each request, enabling unauthorized gateway access using tokens that have been rotated out.

Recommendations Update to version 2026.4.15 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-324CWE-672

Related Identifiers

CVE-2026-43585

GHSA-M8WM-R5VQ-QJPG

GHSA-XMXX-7P24-H892

Affected Products

Openclaw

CVE-2026-43585

Weakness Enumeration

Related Identifiers

Affected Products

References · 10