CVE-2026-41916
Received - Intake
Authentication Bypass in OpenClaw via Stale Auth State After Reload

Publication date: 2026-04-28

Last updated on: 2026-04-30

Assigner: VulnCheck

Description
OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through config reload operations.
Meta Information
Published: 2026-04-28
Last Modified: 2026-04-30
Generated: 2026-05-07
AI Q&A: 2026-04-28
EPSS Evaluated: 2026-05-05
NVD
EUVD
Affected Vendors & Products
Vendor: openclaw
Product: openclaw
Version / Range: all versions up to 2026.4.8 (2026.4.8 itself excluded)
Helpful Resources
CWE-613: According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves the resolvedAuth closure becoming stale after a configuration reload in OpenClaw versions prior to 2026.4.8, allowing authentication bypass. Detection would involve verifying the OpenClaw version in use and monitoring for configuration reload events that might cause stale authentication states.

To detect if your system is vulnerable, first check the installed OpenClaw version. If it is earlier than 2026.4.8, the system is potentially affected.

  • Run a command to check the OpenClaw version, for example: `openclaw --version` or `npm list openclaw` if installed via npm.
  • Monitor logs or events related to configuration reloads in OpenClaw to identify if authentication state is being reused improperly.

There are no specific detection commands or network signatures provided in the available resources.


Can you explain this vulnerability to me?

This vulnerability affects OpenClaw versions before 2026.4.8 and involves an authentication state management flaw. Specifically, the resolvedAuth closure becomes stale after a configuration reload, meaning that newly accepted gateway connections continue to use outdated authentication state. This allows attackers to bypass authentication controls by exploiting the configuration reload process.

The issue is classified under CWE-613 (Insufficient Session Expiration), where old session credentials or states remain valid beyond their intended lifecycle, potentially allowing unauthorized reuse.


How can this vulnerability impact me?

The vulnerability can allow attackers to bypass authentication controls by exploiting the stale authentication state after a configuration reload. This means unauthorized users could gain access to gateway connections that should require valid authentication, potentially leading to unauthorized access to systems or data.


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade OpenClaw to version 2026.4.8 or later, where the issue with stale resolvedAuth closure after configuration reload has been fixed.

This update ensures that newly accepted gateway connections do not continue using outdated authentication state, preventing attackers from bypassing authentication controls.
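The stale-closure mechanism described in the explanation and mitigation answers above, shown as an added illustration in plain JavaScript. This is not OpenClaw's code and does not reproduce its internals: `resolveAuth`, `checkAuth`, `makeStaleGateway`, `makeFreshGateway` and `honoursReload` are hypothetical names, and the config objects are constructed sample values; only the term `resolvedAuth` comes from the advisory. The first gateway resolves its auth policy once and captures it, so a reload that rotates the token or tightens the mode never reaches connections accepted afterwards; the second re-resolves on every reload. The `honoursReload` check is the kind of regression test a defender would keep beside a config-reload path.

```javascript
// Added illustration, not OpenClaw's code. Names are hypothetical.

// Hypothetical: turn raw config into the effective auth policy.
function resolveAuth(config) {
  return { mode: config.authMode, token: config.token };
}

// Hypothetical connection-time check against a resolved policy.
function checkAuth(resolved, authHeader) {
  if (resolved.mode === 'none') return true;
  return authHeader === `Bearer ${resolved.token}`;
}

// Vulnerable shape: resolvedAuth is computed once and captured by accept().
// reload() swaps the config object, but the captured policy is never refreshed,
// so every connection accepted after the reload still uses the old state.
function makeStaleGateway(initialConfig) {
  let config = initialConfig;
  const resolvedAuth = resolveAuth(config); // captured once, never updated
  return {
    reload(nextConfig) { config = nextConfig; }, // resolvedAuth left stale
    accept(authHeader) { return checkAuth(resolvedAuth, authHeader); },
  };
}

// Fixed shape: reload() re-resolves, and accept() always reads the latest
// resolved policy, so connections accepted after a reload use the new state.
function makeFreshGateway(initialConfig) {
  let config = initialConfig;
  let resolvedAuth = resolveAuth(config);
  return {
    reload(nextConfig) {
      config = nextConfig;
      resolvedAuth = resolveAuth(config); // refreshed together with config
    },
    accept(authHeader) { return checkAuth(resolvedAuth, authHeader); },
  };
}

// Regression check: after rotating the token the old credential must be
// rejected and the new one accepted, and after tightening the mode from
// 'none' to token-required an unauthenticated connection must be rejected.
// Returns true only if the gateway honours the reload in both scenarios.
function honoursReload(makeGateway) {
  const before = { authMode: 'token', token: 'old-token' }; // constructed
  const after = { authMode: 'token', token: 'new-token' };  // constructed

  const gw = makeGateway(before);
  gw.reload(after);
  const rejectsOld = !gw.accept('Bearer old-token'); // CWE-613: stale credential reuse
  const acceptsNew = gw.accept('Bearer new-token');

  const gw2 = makeGateway({ authMode: 'none', token: '' }); // constructed
  gw2.reload(after);
  const rejectsAnon = !gw2.accept(undefined);

  return rejectsOld && acceptsNew && rejectsAnon;
}

function demo() {
  return {
    stale: honoursReload(makeStaleGateway), // false: old token still accepted
    fresh: honoursReload(makeFreshGateway), // true
  };
}

console.log(demo());
```

The point of the check is that it exercises the reload path rather than the initial state: a gateway that passes authentication tests only at startup would still pass with the stale closure in place.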

