CVE-2026-42421
OpenClaw prior to 2026.4.8 suffers a session-management vulnerability in which existing WebSocket sessions persist after shared gateway token rotation. This allows an unauthorized party to maintain access to WebSocket connections even after token rotation, due to failure to disconnect existing sh...