What is CVE-2026-34503?

A high-severity vulnerability (CVSS 7.5) in OpenClaw before 2026.3.28 where device removal or token revocation does not terminate active WebSocket sessions, allowing continued unauthorized access.

How can CVE-2026-34503 be exploited?

An attacker with revoked credentials can maintain access through already-established WebSocket connections. Token revocation during incident response fails to protect against sessions that were active before revocation.

How do I fix CVE-2026-34503?

Upgrade to OpenClaw version 2026.3.28 or later, which includes the patch for WebSocket session termination on token revocation.

What is the CVSS score for CVE-2026-34503?

CVSS 7.5 (High). The vulnerability impacts confidentiality and integrity by allowing sessions to persist after intended credential removal.

Which OpenClaw versions are affected by CVE-2026-34503?

All versions before 2026.3.28 are affected. Users should upgrade immediately, especially if they rely on token revocation as part of their incident response workflow.

← Back to dashboard

clawsmith.com/signal/cve-2026-34503-websocket-token-revocation-bypass

⚠ IssueWide OpenSecurityLive

CVE-2026-34503: OpenClaw WebSocket Sessions Persist After Token Revocation (CVSS 7.5)

OpenClaw before 2026.3.28 fails to disconnect active WebSocket sessions when tokens are revoked. Attackers maintain unauthorized access through live sessions. Incident response token revocation ineffective for established connections.

Product Idea from this Signal

A network firewall that blocks WebSocket hijack attacks on local OpenClaw agents before malicious sites connect

900 ▲

Any website can silently connect to your local OpenClaw agent via WebSocket brute-force and steal data, execute commands, or exfiltrate credentials. The ClawJacked vulnerability (85K+ virality, CVSS 8.8-9.9) affects every default OpenClaw install running on localhost. Existing patches only cover specific CVEs while new WebSocket attack vectors keep appearing weekly. This tool runs as a local proxy between the browser and the OpenClaw gateway, validating every WebSocket connection against an allowlist of trusted origins, blocking unauthorized handshakes, and logging all connection attempts for forensic review.

SECURITYCLIDEVTOOLOPEN-SOURCE

CompetitiveView Opportunity →