OpenClaw WebSocket Session Management Vulnerability After Token Rotation
Vulnerability
A vulnerability exists in OpenClaw versions prior to 2026.3.31, where the application fails to terminate active WebSocket sessions when device tokens are rotated. An attacker who established a WebSocket session with a device token that is later rotated (for example, because the token was found to be compromised) keeps that session and its access, because rotation changes the stored credential without revoking the sessions already bound to the old one. This is a gap in session management and token revocation.
Impact
This vulnerability results in insufficient session expiration: a WebSocket connection authenticated with the old device token continues to be served after the credential has been rotated, so rotating a token does not end the access of whoever holds an open session.
Reproduction
The vulnerability can be reproduced by rotating the device token of a device that has an active WebSocket session. After the rotation, the existing WebSocket session remains open and continues to be served, even though the token it was authenticated with is no longer valid.
Remediation
Update to OpenClaw version 2026.3.31 or later, where this vulnerability has been addressed. Until then, restarting the gateway after a token rotation closes any sessions still bound to the old token.
