CVE-2026-43585 affects OpenClaw versions before 2026.4.15, where the application captures bearer authentication configuration only at startup. This design flaw allows revoked tokens to remain valid even after SecretRef rotation occurs. The vulnerability exists because Gateway HTTP and WebSocket handlers fail to re-resolve authentication credentials on a per-request basis. Attackers can exploit this by continuing to use rotated-out bearer tokens for unauthorized gateway access. The issue enables authentication bypass through stale token validation, compromising the security of OpenClaw gateway services.