CVE-2026-43585

Received Received - Intake

Bearer Token Validation Bypass in OpenClaw

Publication date: 2026-05-06

Last updated on: 2026-05-06

Assigner: VulnCheck

Description

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthorized gateway access.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2026-05-06

Last Modified

2026-05-06

Generated

2026-05-07

EPSS Evaluated

N/A

NVD

CVE-2026-43585

EUVD

EUVD-2026-28182

Affected Vendors & Products

Vendor	Product	Version / Range
openclaw	openclaw	to 2026.4.15 (exc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-672	The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Attack-Flow Graph

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2026-43585

Bearer Token Validation Bypass in OpenClaw

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

Ask Our AI Assistant

EPSS Chart