Description
OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation, potentially executing unauthorized actions depending on operator configuration.
Published: 2026-06-12
Score: 6 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

OpenClaw versions earlier than 2026.4.24 allow commands to execute with a slash token that has already been revoked. Authorization is decided against a view of valid tokens that a monitor refreshes periodically, so a revocation written to the token store is not seen until the next refresh; during that window the revoked token is still accepted. An attacker holding such a token can keep invoking slash command behavior and perform actions the operator had just withdrawn. The flaw is classified as CWE-613 (Insufficient Session Expiration): a credential that should be dead remains usable, which can lead to unauthorized command execution.
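The following is an added example, not OpenClaw's code, modelling the pattern the description attributes to the bug: an authorization check that reads a monitor snapshot refreshed every `refreshMs` keeps accepting a token after it is revoked, whereas a check against the authoritative store rejects it immediately. Class and function names (`TokenStore`, `SnapshotValidator`, `AuthoritativeValidator`, `replayRevocation`) and the simulated clock are assumptions for illustration.

```javascript
// Added example, not OpenClaw code. Models the described bug: a validator that
// trusts a monitor snapshot refreshed every refreshMs keeps accepting a token
// after it is revoked, until the next refresh. All names below are assumptions.

// Authoritative token store: the thing the operator's "revoke" action updates.
class TokenStore {
  constructor() {
    this.tokens = new Map(); // tokenId -> { scopes: Set<string> }
  }
  issue(tokenId, scopes) {
    this.tokens.set(tokenId, { scopes: new Set(scopes) });
  }
  revoke(tokenId) {
    this.tokens.delete(tokenId);
  }
  lookup(tokenId) {
    return this.tokens.get(tokenId) || null;
  }
}

// Vulnerable pattern: authorization reads a snapshot that the monitor copies
// from the store at most once per refreshMs. Revocations land in the store
// immediately but reach the snapshot only at the next refresh.
class SnapshotValidator {
  constructor(store, refreshMs, now) {
    this.store = store;
    this.refreshMs = refreshMs;
    this.snapshot = new Map();
    this.lastRefresh = -Infinity;
    this.refresh(now);
  }
  refresh(now) {
    this.snapshot = new Map(this.store.tokens);
    this.lastRefresh = now;
  }
  authorize(tokenId, command, now) {
    if (now - this.lastRefresh >= this.refreshMs) this.refresh(now);
    const rec = this.snapshot.get(tokenId);
    return rec !== undefined && rec.scopes.has(command);
  }
}

// Hardened pattern: keep the monitor for whatever else it does, but decide
// authorization against the authoritative store, so a revoked token is
// rejected on the very next call. (An equivalent fix is to invalidate the
// snapshot synchronously inside revoke().)
class AuthoritativeValidator {
  constructor(store) {
    this.store = store;
  }
  authorize(tokenId, command) {
    const rec = this.store.lookup(tokenId);
    return rec !== null && rec.scopes.has(command);
  }
}

// Replays the scenario on a simulated millisecond clock and returns what each
// validator decided at each step.
function replayRevocation(refreshMs = 1000) {
  const store = new TokenStore();
  store.issue('tok_alice', ['deploy']);
  const stale = new SnapshotValidator(store, refreshMs, 0);
  const strict = new AuthoritativeValidator(store);

  const before = stale.authorize('tok_alice', 'deploy', 50);          // both accept
  store.revoke('tok_alice');                                           // operator revokes at t=100
  const staleAfter = stale.authorize('tok_alice', 'deploy', 150);     // still accepted: the bug
  const strictAfter = strict.authorize('tok_alice', 'deploy');        // rejected at once
  const staleRefreshed = stale.authorize('tok_alice', 'deploy', refreshMs); // refresh closes the window

  return { before, staleAfter, strictAfter, staleRefreshed };
}

console.log(replayRevocation());
```

Running it prints `{ before: true, staleAfter: true, strictAfter: false, staleRefreshed: false }`: the stale validator honours the revocation only once the refresh interval has elapsed, which is exactly the window the advisory describes. The hardened variant trades one extra store lookup per command for a window of zero.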

Affected Systems

The vulnerability affects OpenClaw from vendor OpenClaw; the CPE on this page targets the Node.js package. All releases before 2026.4.24 are affected, and 2026.4.24 and later are not, according to the CNA information.

Risk and Exploitability

The CVSS 4.0 score of 6 (CVSS 3.1: 6.5) indicates moderate risk: high integrity impact, no confidentiality or availability impact. No EPSS score is published, so the likelihood of exploitation is unknown. Exploitation requires a slash token that has been issued and then revoked: an attacker whose token the operator revokes (for example after a leak or a role change) can keep invoking commands until the next monitor refresh, so the attack depends on a timing window (CVSS 4.0 AT:P). The flaw is not listed in the CISA KEV catalog, but because the window lets an operator's revocation be silently ignored, it warrants prompt remediation. A compromised account or a leaked token is sufficient; the attack is network-reachable (AV:N) and needs only low privileges (PR:L).

Generated by OpenCVE AI on June 12, 2026 at 23:26 UTC.

Remediation

No vendor advisory or workaround is linked on this page; the CVE description identifies 2026.4.24 as the first fixed release.

OpenCVE Recommended Actions

  • Upgrade OpenClaw to version 2026.4.24 or newer to remove the token revocation gap.
  • If an upgrade is not immediately possible, restrict or disable slash command usage on privileged accounts until the patch is applied.
  • If OpenClaw exposes a configurable monitor refresh interval, set it to the minimum allowed value until the patch is applied so that revocations take effect sooner; this shrinks the window but does not close it.
  • Monitor logs for use of revoked slash tokens and investigate any anomalous command executions.
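The detection step above, as an added example that is not OpenClaw's code: it correlates token-revocation events with slash-command executions in a log and flags any execution that used a token after its revocation timestamp, reporting the lag so it can be compared with the monitor refresh interval. The log lines are constructed, and the JSON-lines format, event names (`token.revoked`, `slash.exec`, `monitor.refresh`) and field names are assumptions, not OpenClaw's real log format.

```javascript
// Added example, not OpenClaw code. Correlates token-revocation events with
// slash-command executions in a constructed JSON-lines log and flags any
// execution that used a token after its revocation timestamp. The log format
// (event names, field names) is an assumption, not OpenClaw's real format.

const SAMPLE_LOG = [ // constructed sample; timestamps are epoch milliseconds
  '{"ts":1780000000000,"event":"slash.exec","token":"tok_alice","user":"alice","command":"/deploy"}',
  '{"ts":1780000001000,"event":"token.revoked","token":"tok_alice","by":"operator"}',
  '{"ts":1780000001420,"event":"slash.exec","token":"tok_alice","user":"alice","command":"/deploy"}',
  '{"ts":1780000002000,"event":"slash.exec","token":"tok_bob","user":"bob","command":"/status"}',
  '{"ts":1780000003000,"event":"monitor.refresh"}',
  '{"ts":1780000004000,"event":"slash.exec","token":"tok_alice","user":"alice","command":"/deploy"}',
  'this line is not JSON and is skipped by the parser',
];

// Parses JSON lines, drops malformed or incomplete records, and orders events
// by timestamp so out-of-order shipping does not hide a revocation.
function parseLines(lines) {
  const events = [];
  for (const line of lines) {
    try {
      const e = JSON.parse(line);
      if (typeof e.ts === 'number' && typeof e.event === 'string') events.push(e);
    } catch (_) {
      // not JSON: skip
    }
  }
  return events.sort((a, b) => a.ts - b.ts);
}

// Returns one finding per execution that used a token after it was revoked.
// lagMs is the time since revocation: values within the refresh interval are
// consistent with this CVE; larger values point at something else and deserve
// a closer look. Re-issue of the same token id after revocation is not modelled.
function findRevokedTokenUse(lines) {
  const revokedAt = new Map(); // token -> first revocation timestamp
  const findings = [];
  for (const e of parseLines(lines)) {
    if (e.event === 'token.revoked' && e.token) {
      if (!revokedAt.has(e.token)) revokedAt.set(e.token, e.ts);
    } else if (e.event === 'slash.exec' && revokedAt.has(e.token)) {
      findings.push({
        token: e.token,
        user: e.user,
        command: e.command,
        ts: e.ts,
        lagMs: e.ts - revokedAt.get(e.token),
      });
    }
  }
  return findings;
}

// Splits findings into those explained by the refresh window and those not.
function partitionByWindow(findings, refreshMs) {
  const withinWindow = findings.filter((f) => f.lagMs <= refreshMs);
  const beyondWindow = findings.filter((f) => f.lagMs > refreshMs);
  return { withinWindow, beyondWindow };
}

console.log(partitionByWindow(findRevokedTokenUse(SAMPLE_LOG), 2000));
```

On the sample, the execution 420 ms after revocation falls inside a 2000 ms refresh interval and matches the behaviour of this CVE; the one 3000 ms later, after a `monitor.refresh`, does not, and would be the first thing to investigate.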



Advisories

No advisories yet.

History

Fri, 12 Jun 2026 22:15:00 +0000

Type                | Values Removed | Values Added
Description         |                | OpenClaw before 2026.4.24 contains a token revocation vulnerability allowing callers with revoked slash tokens to continue executing commands during monitor refresh windows. Attackers can exploit stale token acceptance to invoke slash command behavior briefly after token revocation, potentially executing unauthorized actions depending on operator configuration.
Title               |                | Mattermost < 2026.4.24 - Slash Token Revocation Lag via Monitor Refresh Delay
First Time appeared |                | Openclaw; Openclaw openclaw
Weaknesses          |                | CWE-613
CPEs                |                | cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:node.js:*:*
Vendors & Products  |                | Openclaw; Openclaw openclaw
References          |                |
Metrics             |                | cvssV3_1 {'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N'}; cvssV4_0 {'score': 6, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-12T21:56:51.614Z

Reserved: 2026-06-10T21:16:07.496Z

Link: CVE-2026-53824

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-06-12T22:16:53.613

Modified: 2026-06-12T22:16:53.613

Link: CVE-2026-53824

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-13T00:15:19Z

Weaknesses
  • CWE-613: Insufficient Session Expiration