CVE-2026-34503 in OpenClawinformación

Resumen (Inglés)

OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Responsable

VulnCheck

Reservar

2026-03-30

Divulgación

2026-03-31

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerabilidad	CWE	Exp	Con	CVE
354415	OpenClaw WebSocket autenticación débil	613	No está definido	Arreglo oficial	CVE-2026-34503

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

MITRE
NVD
CVE Details

◂ AnteriorVisión De ConjuntoPróximo ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!