CVE-2026-34503

Published March 31st, 2026

View on NVD ↗

CVSS v3

8.1

HIGH

CVSS v2

N/A

Affected

PROJECT

Description

OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection.

openclaw/openclaw

Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞

GitHub

380K