Vulnerabilities

Report: CVE-2026-42421 - OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rot

2026-04-28 0 views admin

CVE ID :CVE-2026-42421 Published : April 28, 2026, 7:37 p.m. | 1 hour, 2 minutes ago Description :OpenClaw before 2026.4.8 contains a session management vulnerability where existing WebSocket sessions survive shared gateway token rotation. Attackers can maintain unauthorized access to WebSocket connections after token rotation by exploiting the failure to disconnect existing shared-token sessions. Severity: 5.4 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-42421

Severity

MEDIUM

Published

April 28, 2026

🏷️ Tags

report42421openclawwebsocketsessionpersistencesharedgatewaytokencve

InfinitSec - Latest Cybersecurity, Technology & Gaming News

Report: CVE-2026-42421 - OpenClaw < 2026.4.8 - WebSocket Session Persistence via Shared Gateway Token Rot

CVE Details

🏷️ Tags

More from Vulnerabilities

Report: CVE-2026-42420 - OpenClaw < 2026.4.8 - Improper Base64 Decoding Size Validation

Report: CVE-2026-41916 - OpenClaw < 2026.4.8 - Stale Authentication State via Config Reload

Report: CVE-2026-41915 - OpenClaw < 2026.4.8 - Git Environment Variable Injection via Unfiltered Exec Env

Report: - OpenClaw < 2026.4.4 - Rate-Limit Bypass via Concurrent Async Authentication Atte... CVE-2026-41913

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting