Tag
OpenClaw versions prior to 2026.4.15 have a vulnerability where gateway HTTP and WebSocket handlers cache bearer-auth configuration at server startup, allowing a revoked token to remain valid after SecretRef rotation until restart, potentially granting unauthorized access.