CVE-2026-34503 - Vulnerability Analysis
High | CVSS: 8.1 | Last Updated: March 31, 2026
OpenClaw - Authentication Bypass
Overview
OpenClaw before 2026.3.28 contains an authentication bypass rooted in session management (CWE-613, insufficient session expiration): when a device is removed or a token is revoked, the gateway does not disconnect WebSocket sessions that were authenticated with that credential. A session opened before the revocation keeps working until the connection is forced to reconnect, so an attacker who holds a revoked credential retains access for as long as the existing socket stays up.
Impact
A revoked device or token keeps whatever access it had for the lifetime of its existing WebSocket connection: the attacker can continue to read data and issue actions with the session's original privileges, while the operator who performed the revocation believes access has been cut off. The CVSS vector (PR:L, C:H, I:H, A:N) reflects that the attacker needs a credential that was valid when the session was opened, and can then read and modify data but not affect availability.
Mitigation
Update to version 2026.3.28 or later. Because the flaw is that revocation does not reach connections that are already open, and the advisory notes that such sessions persist until forced reconnection, upgrading alone does not evict sessions authenticated while the vulnerable version was running: restart the gateway (or otherwise force all WebSocket clients to reconnect) after upgrading so that every session re-authenticates against the current token and device list, then confirm that previously revoked tokens and removed devices can no longer connect.
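The session-lifetime gap described in the Overview, and what a fix of the kind the Mitigation requires has to do, as an added JavaScript example written for this page (not OpenClaw's code): a vulnerable gateway that authenticates only at the WebSocket handshake beside a hardened one that indexes live sessions by token and device, closes them when either is revoked, and re-validates the token on every message. The token values, device names and FakeSocket class are constructed stand-ins and reproduce none of OpenClaw's real internals.

```javascript
// Added illustration, not OpenClaw's code. Models the advisory's flaw: a token is
// checked once at the WebSocket handshake, and revoking it (or removing its device)
// never reaches the live connection. Tokens, devices and FakeSocket are stand-ins.
class FakeSocket { // stands in for a WebSocket; only records whether the server closed it
  constructor() { this.closed = false; this.closeReason = null; }
  close(code, reason) { this.closed = true; this.closeReason = `${code} ${reason}`; }
}

function makeTokenStore() { // token -> device binding, as a revocable credential store holds it
  return new Map([
    ["tok-laptop", { deviceId: "laptop" }],
    ["tok-phone", { deviceId: "phone" }],
  ]);
}

// Vulnerable pattern: authentication happens only in connect(); revocation edits
// the token store and forgets about sockets that were already authenticated.
class VulnerableGateway {
  constructor(tokens) { this.tokens = tokens; }
  connect(token, socket) {
    const rec = this.tokens.get(token);
    if (!rec) { socket.close(4401, "unauthorized"); return null; }
    return { token, deviceId: rec.deviceId, socket };
  }
  revokeToken(token) { this.tokens.delete(token); } // the live socket is untouched
  removeDevice(deviceId) {
    for (const [t, r] of [...this.tokens]) if (r.deviceId === deviceId) this.tokens.delete(t);
  }
  handleMessage(session, msg) { return { ok: true, handled: msg }; } // trusts the handshake forever
}

// Hardened pattern: live sessions are indexed by token and by device so revocation
// can close them at once, and every message re-validates the token (defence in depth).
class HardenedGateway {
  constructor(tokens) {
    this.tokens = tokens;
    this.byToken = new Map();  // token    -> Set<session>
    this.byDevice = new Map(); // deviceId -> Set<session>
  }
  connect(token, socket) {
    const rec = this.tokens.get(token);
    if (!rec) { socket.close(4401, "unauthorized"); return null; }
    const session = { token, deviceId: rec.deviceId, socket, live: true };
    this.index(this.byToken, token, session);
    this.index(this.byDevice, rec.deviceId, session);
    return session;
  }
  index(map, key, s) { if (!map.has(key)) map.set(key, new Set()); map.get(key).add(s); }
  drop(session, reason) {
    if (!session.live) return; // idempotent: revoke + per-message check may both hit it
    session.live = false;
    this.byToken.get(session.token)?.delete(session);
    this.byDevice.get(session.deviceId)?.delete(session);
    session.socket.close(4401, reason);
  }
  revokeToken(token) {
    this.tokens.delete(token);
    for (const s of [...(this.byToken.get(token) ?? [])]) this.drop(s, "token revoked");
  }
  removeDevice(deviceId) {
    for (const [t, r] of [...this.tokens]) if (r.deviceId === deviceId) this.tokens.delete(t);
    for (const s of [...(this.byDevice.get(deviceId) ?? [])]) this.drop(s, "device removed");
  }
  handleMessage(session, msg) {
    const rec = this.tokens.get(session.token);
    if (!session.live || !rec || rec.deviceId !== session.deviceId) {
      this.drop(session, "credential no longer valid");
      return { ok: false, error: "unauthorized" };
    }
    return { ok: true, handled: msg };
  }
}

// Scenario: phone and laptop connect; the phone's token is revoked; the phone keeps
// sending over its still-open socket. Returns what the given gateway class did.
function revokedSessionScenario(Gateway) {
  const gw = new Gateway(makeTokenStore());
  const phoneSock = new FakeSocket(), laptopSock = new FakeSocket();
  const phone = gw.connect("tok-phone", phoneSock);
  const laptop = gw.connect("tok-laptop", laptopSock);
  gw.revokeToken("tok-phone");
  return {
    phoneSocketClosed: phoneSock.closed,
    phoneMessageAccepted: gw.handleMessage(phone, "list sessions").ok,
    laptopUnaffected: !laptopSock.closed && gw.handleMessage(laptop, "ping").ok,
  };
}

// Scenario: one device holds two live sessions on the same token; removing the
// device must close both. Returns how many of its sockets were closed.
function removedDeviceScenario(Gateway) {
  const gw = new Gateway(makeTokenStore());
  const socks = [new FakeSocket(), new FakeSocket()];
  socks.forEach((s) => gw.connect("tok-phone", s));
  gw.removeDevice("phone");
  return socks.filter((s) => s.closed).length;
}

console.log("vulnerable:", revokedSessionScenario(VulnerableGateway), removedDeviceScenario(VulnerableGateway));
console.log("hardened:  ", revokedSessionScenario(HardenedGateway), removedDeviceScenario(HardenedGateway));
```

Run with node. In the vulnerable gateway the revoked phone keeps its socket and its next message is accepted; in the hardened one the socket is closed on revocation, the next message is rejected, the laptop's session is untouched, and removing a device closes every socket that device holds. The per-message re-check is not redundant with the index: in a real deployment the credential store can be updated out of band, or a client can connect between the store update and the sweep, and the index alone would let that session live.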
Social Media Activity (2 posts, identical text)
CVE-2026-34503 - High (7.5) OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when devices are removed or tokens are revoked. Attackers with revoked credentials can maintain unauthorized access through existing live sessions until forced reconnection. https://www.thehackerwire.com/vulnerability/CVE-2026-34503/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
Details
- CVE ID: CVE-2026-34503
- Severity: High
- CVSS Score: 8.1
- Type: broken_authentication
- Status: new
- EPSS: 0.0%
- Social Posts: 2
CWE
- CWE-613 (Insufficient Session Expiration)
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Network-reachable, low attack complexity, low privileges required (a credential that was valid when the session was opened), no user interaction, unchanged scope; high confidentiality and integrity impact, no availability impact. These metrics yield the 8.1 base score listed above.