GHSA-68x5-xx89-w9mm: OpenClaw: resolvedAuth closure becomes stale after config reload
medium vulnerability
security
Source: GitHub Advisory Database, April 9, 2026
Summary
OpenClaw, a local AI assistant, had a bug in which authentication state (the stored information about who is allowed to connect) could become outdated after the system reloaded its configuration, potentially allowing new connections to use old, incorrect permission settings. This vulnerability affected OpenClaw versions 2026.4.1 and earlier.
Solution / Mitigation
Update OpenClaw to version 2026.4.8 or later. The fix is available in the patched npm version, and the underlying code change is available in commit d7c3210cd6f5fdfdc1beff4c9541673e814354d5 on the main development branch.
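The advisory does not show the affected code. The following added example (not OpenClaw's code and not taken from the fix commit) models the general stale-closure pattern named in the title beside a form that re-resolves auth on reload. All function names and the config shape are hypothetical.

```javascript
// Added illustration of the bug class; not OpenClaw's code.
// resolveAuth, createStaleServer, createFreshServer and the config
// shape are hypothetical names chosen for this example.

// Turn a config object into the auth state used to admit connections.
function resolveAuth(config) {
  return { mode: config.auth.mode, tokens: new Set(config.auth.tokens) };
}

// Stale pattern: auth is resolved once and captured by the accept() closure.
function createStaleServer(initialConfig) {
  let config = initialConfig;
  const resolvedAuth = resolveAuth(config); // captured at startup only
  return {
    reload(next) { config = next; },        // config changes, closure does not
    accept(token) { return resolvedAuth.tokens.has(token); },
  };
}

// Hardened pattern: reload replaces the resolved auth, and accept()
// reads the current binding each time a new connection arrives.
function createFreshServer(initialConfig) {
  let resolvedAuth = resolveAuth(initialConfig);
  return {
    reload(next) { resolvedAuth = resolveAuth(next); },
    accept(token) { return resolvedAuth.tokens.has(token); },
  };
}

// Constructed sample configs: the reload rotates the accepted token.
const before = { auth: { mode: "token", tokens: ["old-token"] } };
const after = { auth: { mode: "token", tokens: ["new-token"] } };

// Reload, then report how a new connection with each token is treated.
function demo(factory) {
  const server = factory(before);
  server.reload(after);
  return {
    oldAccepted: server.accept("old-token"),
    newAccepted: server.accept("new-token"),
  };
}

console.log("stale:", demo(createStaleServer));
console.log("fresh:", demo(createFreshServer));
```

A regression test for this class of bug asserts on behaviour after a reload, as `demo` does, rather than only at startup.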
Classification
Attack Sophistication: Moderate
Affected Packages
openclaw@< 2026.4.8 (fixed: 2026.4.8)
Original source: https://github.com/advisories/GHSA-68x5-xx89-w9mm
First tracked: April 9, 2026 at 02:00 PM
Classified by LLM (prompt v3) · confidence: 75%