CVE-2026-53824
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk8th percentile — higher than 8% of all known CVEs
Summary
OpenClaw before version 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation.
Risk Assessment
The organization may be exposed to unauthorized actions that could be performed by attackers due to the acceptance of revoked tokens. This could lead to serious security breaches depending on operator configuration.
Recommendation
It is recommended to update OpenClaw to version 2026.4.24 or later to mitigate this vulnerability. Additionally, monitoring and auditing token usage in the system is advised.
Original NVD description (English source)
OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation, potentially executing unauthorized actions depending on operator configuration.

