CVE-2026-42421 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can main…
Low CVSS: 2.3

CVE-2026-42421

OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token sessions.
Vendor
-
Product
-
CWE
CWE-613
Yayın Tarihi
2026-04-28 19:37:45
Güncelleme
2026-04-28 20:10:23
Source Identifier
disclosure@vulncheck.com
KEV Date Added
-

Kategoriler

CWE-613 LOW 2026

Referanslar

https://github.com/openclaw/openclaw/commit/d7c3210cd6f5fdfdc1beff4c9541673e814354d5 https://github.com/openclaw/openclaw/security/advisories/GHSA-5h3f-885m-v22w https://www.vulncheck.com/advisories/openclaw-websocket-session-persistence-via-shared-gateway-token-rotation