
OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP…

Published:

5 May 2026 at 22:00:00

Alert date:

6 May 2026 at 21:05:32

Source:

nvd.nist.gov


Identity & Access, Web Technologies

OpenClaw versions before 2026.4.15 resolve the bearer-authentication configuration once at startup and reuse that cached value for every request instead of re-resolving it. As a result, rotating the underlying SecretRef does not revoke the previously issued token: the gateway's HTTP and WebSocket handlers keep accepting the old value until the process is restarted, so anyone still holding a rotated-out bearer token retains unauthorized access. The root cause is that the authentication configuration is not re-resolved per request, so token rotation is never enforced at validation time.
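The example below is added here to illustrate the difference the advisory describes; it is not OpenClaw's code, and the SecretRef type, the in-memory secret store and the class names are assumptions for illustration. It contrasts a gateway auth check that resolves the SecretRef once at construction with one that re-resolves it on every request, then simulates a rotation and shows that only the first variant still accepts the old token.

```typescript
// Added example (not OpenClaw's own code): models a SecretRef-backed bearer-auth
// config and contrasts resolving it once at startup with resolving it per request.

// A SecretRef names where a secret lives. The store below is a constructed
// stand-in for the env var, file or secret manager an operator rotates out of band.
type SecretRef = { source: "store"; key: string };

const secretStore = new Map<string, string>();

function resolveSecretRef(ref: SecretRef): string {
  const value = secretStore.get(ref.key);
  if (value === undefined) throw new Error(`unresolvable SecretRef ${ref.key}`);
  return value;
}

// Constant-time comparison so the token check does not leak how long a matching prefix is.
function tokensEqual(a: string, b: string): boolean {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// Extracts the token from an "Authorization: Bearer <token>" header value.
function bearerFromHeader(authorization: string | undefined): string | null {
  if (!authorization) return null;
  const m = /^Bearer\s+(\S+)$/i.exec(authorization);
  return m?.[1] ?? null;
}

interface GatewayAuth {
  authorize(authorization: string | undefined): boolean;
}

// Vulnerable shape: the SecretRef is resolved once when the gateway starts and the
// plaintext token lives for the lifetime of the process, so a rotation is invisible.
class StartupResolvedAuth implements GatewayAuth {
  private readonly token: string;
  constructor(ref: SecretRef) {
    this.token = resolveSecretRef(ref);
  }
  authorize(authorization: string | undefined): boolean {
    const presented = bearerFromHeader(authorization);
    return presented !== null && tokensEqual(presented, this.token);
  }
}

// Fixed shape: keep only the SecretRef and re-resolve it on every request, so a
// rotation takes effect immediately and the old token stops authenticating.
class PerRequestResolvedAuth implements GatewayAuth {
  private readonly ref: SecretRef;
  constructor(ref: SecretRef) {
    this.ref = ref;
  }
  authorize(authorization: string | undefined): boolean {
    const presented = bearerFromHeader(authorization);
    if (presented === null) return false;
    let current: string;
    try {
      current = resolveSecretRef(this.ref);
    } catch {
      return false; // fail closed if the secret cannot be resolved
    }
    return tokensEqual(presented, current);
  }
}

// Simulates: gateway starts with token-v1, operator rotates to token-v2, a client
// presents the given token. Returns whether the gateway accepted it.
function acceptedAfterRotation(
  makeAuth: (ref: SecretRef) => GatewayAuth,
  presentedToken: string,
): boolean {
  const ref: SecretRef = { source: "store", key: "gateway/bearer" };
  secretStore.set(ref.key, "token-v1");
  const auth = makeAuth(ref);            // gateway starts and (maybe) caches the secret
  secretStore.set(ref.key, "token-v2");  // SecretRef rotation happens out of band
  return auth.authorize(`Bearer ${presentedToken}`);
}

function oldTokenStillAccepted(makeAuth: (ref: SecretRef) => GatewayAuth): boolean {
  return acceptedAfterRotation(makeAuth, "token-v1");
}

function newTokenAccepted(makeAuth: (ref: SecretRef) => GatewayAuth): boolean {
  return acceptedAfterRotation(makeAuth, "token-v2");
}
```

With the startup-resolved variant the rotated-out token-v1 is still accepted and the freshly rotated token-v2 is rejected, which is exactly the behaviour the advisory describes; the per-request variant inverts both results. Because the vulnerable variant only reads the secret at construction, restarting the gateway is what makes a rotation take effect on unpatched versions.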

Technical details

Mitigation steps:

Upgrade OpenClaw to 2026.4.15 or later. On unpatched versions the gateway only reads the bearer-auth configuration at startup, so after every SecretRef rotation restart the gateway to make the previous token stop authenticating.

Affected products:

OpenClaw

Related links:

Related CVEs:

Related threat actors:

IOCs:

This article was created with the assistance of AI technology by Perceptive.

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

This website displays information originating from external sources; Perceptive accepts no responsibility for the accuracy, completeness or timeliness of this information.
