CVE-2026-34503 in OpenClaw
Сводка (Английский)
OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Ответственный
VulnCheck
Резервировать
30.03.2026
Раскрытие
31.03.2026
Статус
Подтверждённый
Записи
VulDB provides additional information and datapoints for this CVE:
| ИД | Уязвимость | CWE | Экс | Кон | CVE |
|---|---|---|---|---|---|
| 354415 | OpenClaw WebSocket слабая аутентификация | 613 | Не определено | Официальное исправление | CVE-2026-34503 |