Vulnerability Details CVE-2026-41356
OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing WebSocket connections after token rotation.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.9%
CVSS Severity
CVSS v3 Score 5.4