CVE-2026-43585

Published: Mag 06, 2026 Last Modified: Mag 06, 2026

ExploitDB:

Other exploit source:

Google Dorks:

CRITICAL 9,2

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

HIGH 8,1

Source: [email protected]

Attack Vector: network

Attack Complexity: high

Privileges Required: none

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: high

Description

AI Translation Available

OpenClaw before 2026.4.15 captures resolved bearer-auth configuration at startup, allowing revoked tokens to remain valid after SecretRef rotation. Gateway HTTP and WebSocket handlers fail to re-resolve authentication per-request, enabling attackers to use rotated-out bearer tokens for unauthorized gateway access.

672

Operation on a Resource after Expiration or Release

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Integrity Confidentiality Other Availability

Potential Impacts:

Modify Application Data Read Application Data Other Dos: Crash, Exit, Or Restart

Applicable Platforms

Technologies: Mobile

View CWE Details

https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1a…

https://github.com/openclaw/openclaw/commit/acd4e0a32f12e1ad85f3130f63b42443ce9…

https://github.com/openclaw/openclaw/security/advisories/GH…

https://github.com/openclaw/openclaw/security/advisories/GHSA-xmxx-7p24-h892

https://www.vulncheck.com/advisories/openclaw-bearer-token-…

https://www.vulncheck.com/advisories/openclaw-bearer-token-validation-bypass-vi…

CVE-2026-43585

Description

Operation on a Resource after Expiration or Release

Common Consequences

Applicable Platforms

Iscriviti alla newsletter