4 matches found

OSV
added 2026/05/21 8:39 p.m. | 3 views

GHSA-F76X-F9VJ-92JV NocoDB: Stale Auth Cache After API Token Deletion

Summary: Deleted API tokens continued to authenticate requests until their cache entry expired, because the auth cache was not invalidated by token value at deletion time. Details: The API token deletion path removed the database row but did not evict the token-value keyed entry from the auth cache...

CVSS 2.3 | AI score 5.7 | EPSS 0.00054
Exploits 0 | References 2

Cvelist
added 2026/04/28 6:10 p.m. | 25 views

CVE-2026-41916 OpenClaw < 2026.4.8 - Stale Authentication State via Config Reload

OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through...

CVSS 5.4 | EPSS 0.00215
Exploits 0 | References 3

EUVD
added 2026/04/28 6:10 p.m. | 1 views

EUVD-2026-26122

OpenClaw before 2026.4.8 contains an authentication state management vulnerability where the resolvedAuth closure becomes stale after configuration reload. Newly accepted gateway connections continue using outdated resolved auth state, allowing attackers to bypass authentication controls through...

CVSS 5.4 | AI score 5.2 | EPSS 0.00215
Exploits 0 | References 3

Snyk
added 2026/04/09 5:34 p.m. | 5 views

Insufficient Session Expiration

Overview: openclaw is a 🦞 OpenClaw — Personal AI Assistant. Affected versions of this package are vulnerable to Insufficient Session Expiration due to the resolvedAuth process becoming outdated after a configuration reload. An attacker can maintain unauthorized access by leveraging stale...

CVSS 5.4 | AI score 5.8 | EPSS 0.00215
Exploits 0 | References 2