CVE-2026-42421
Status: Received - Intake
Session Management Flaw in OpenClaw WebSocket Allows Unauthorized Access

Publication date: 2026-04-28

Last updated on: 2026-04-30

Assigner: VulnCheck

Description
OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token sessions.
Meta Information
Published: 2026-04-28
Last Modified: 2026-04-30
Generated: 2026-05-07
AI Q&A: 2026-04-28
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: openclaw
Product: openclaw
Version / Range: all versions before 2026.4.8 (2026.4.8 itself is excluded from the affected range)
CWE ID: CWE-613 (Insufficient Session Expiration)
Description: According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability involves insufficient session expiration, allowing unauthorized access to WebSocket sessions after token rotation. This could potentially lead to unauthorized access to sensitive data or systems.

Such unauthorized access risks may impact compliance with standards and regulations like GDPR or HIPAA, which require strict controls on session management and access to protect personal or sensitive information.

However, the provided information does not explicitly state the direct impact on compliance with these regulations.


Can you explain this vulnerability to me?

CVE-2026-42421 is a session management vulnerability in OpenClaw versions before 2026.4.8. The issue occurs because existing WebSocket sessions remain active even after the shared gateway token is rotated.

This means that when the token used to authenticate WebSocket connections is changed, the old sessions authenticated with the previous token are not disconnected as expected.

An attacker who already holds a WebSocket session established with the previous shared token (for example, a token that leaked and prompted the rotation) keeps that session after the rotation, and so keeps the access the rotation was meant to revoke. Only new connection attempts with the old token are refused.


How can this vulnerability impact me?

This vulnerability can allow attackers to maintain unauthorized access to WebSocket connections even after token rotation, which is intended to invalidate old sessions.

As a result, an attacker with low privileges and no user interaction can persist in accessing or interacting with the system beyond the intended session lifetime.

The impact includes partial compromise of confidentiality and integrity of the WebSocket communication, but it does not affect availability.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves existing WebSocket sessions persisting after shared gateway token rotation, allowing unauthorized access. Detection means comparing the gateway's set of live WebSocket connections with the time of the last shared-token rotation: any connection that was authenticated with the shared token before the rotation and is still open, or still exchanging messages, afterwards is evidence that the rotation did not evict it.

Specific commands or detection methods are not provided in the available resources.


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade OpenClaw to version 2026.4.8 or later, where the vulnerability has been fixed.

This update ensures that existing WebSocket sessions are properly disconnected upon shared gateway token rotation, preventing unauthorized session persistence. Rotating the shared token alone on an unpatched version does not close the sessions already established with the old token, so rotation is not a substitute for the upgrade.

