CVE Catalog

CVE-2026-53824

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

OpenClaw before version 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation.

Risk Assessment

The organization may be exposed to unauthorized actions that could be performed by attackers due to the acceptance of revoked tokens. This could lead to serious security breaches depending on operator configuration.

Recommendation

It is recommended to update OpenClaw to version 2026.4.24 or later to mitigate this vulnerability. Additionally, monitoring and auditing token usage in the system is advised.

Original NVD description (English source)

OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation, potentially executing unauthorized actions depending on operator configuration.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS