CVE-2026-42421
Received Received - Intake
Session Management Flaw in OpenClaw WebSocket Allows Unauthorized Access

Publication date: 2026-04-28

Last updated on: 2026-04-30

Assigner: VulnCheck

Description
OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token sessions.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-28
Last Modified
2026-04-30
Generated
2026-06-16
AI Q&A
2026-04-28
EPSS Evaluated
2026-06-15
NVD
CVE-2026-42421
EUVD
EUVD-2026-26124
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
openclaw openclaw to 2026.4.8 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-613 According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-42421 is a session management vulnerability in OpenClaw versions before 2026.4.8. The issue occurs because existing WebSocket sessions remain active even after the shared gateway token is rotated.

This means that when the token used to authenticate WebSocket connections is changed, the old sessions authenticated with the previous token are not disconnected as expected.

Attackers can exploit this flaw to maintain unauthorized access to WebSocket connections by continuing to use sessions tied to the old token.

Impact Analysis

This vulnerability can allow attackers to maintain unauthorized access to WebSocket connections even after token rotation, which is intended to invalidate old sessions.

As a result, an attacker with low privileges and no user interaction can persist in accessing or interacting with the system beyond the intended session lifetime.

The impact includes partial compromise of confidentiality and integrity of the WebSocket communication, but it does not affect availability.

Compliance Impact

The vulnerability involves insufficient session expiration, allowing unauthorized access to WebSocket sessions after token rotation. This could potentially lead to unauthorized access to sensitive data or systems.

Such unauthorized access risks may impact compliance with standards and regulations like GDPR or HIPAA, which require strict controls on session management and access to protect personal or sensitive information.

However, the provided information does not explicitly state the direct impact on compliance with these regulations.

Detection Guidance

This vulnerability involves existing WebSocket sessions persisting after shared gateway token rotation, allowing unauthorized access. Detection would involve monitoring WebSocket connections to see if sessions authenticated with old tokens remain active after token rotation.

Specific commands or detection methods are not provided in the available resources.

Mitigation Strategies

The immediate mitigation step is to upgrade OpenClaw to version 2026.4.8 or later, where the vulnerability has been fixed.

This update ensures that existing WebSocket sessions are properly disconnected upon shared gateway token rotation, preventing unauthorized session persistence.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42421. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart