CVE-2026-45005 — MEDIUM (6.0)

Q: How severe is CVE-2026-45005?

CVE-2026-45005 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2026-45005?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.

Vulnerability Description

OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until gateway or plugin restart.

CVSS Score

6.0

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

HIGH

Availability

LOW

Affected Products

Vendor	Product	Versions
Openclaw	Openclaw	< 2026.4.23

Related Weaknesses (CWE)

CWE-672

References

https://github.com/openclaw/openclaw/commit/36c4a372a0ad5dca8bfc0d93f7aab9c2f2dePatch
https://github.com/openclaw/openclaw/security/advisories/GHSA-q8ff-7ffm-m3r9Third Party Advisory
https://www.vulncheck.com/advisories/openclaw-webhook-route-secret-cache-not-invThird Party AdvisoryPatch

FAQ

What is CVE-2026-45005?

CVE-2026-45005 is a vulnerability with a CVSS score of 6.0 (MEDIUM). OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook ro...

How severe is CVE-2026-45005?

CVE-2026-45005 has been rated MEDIUM with a CVSS base score of 6.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2026-45005?

Check the references section above for vendor advisories and patch information. Affected products include: Openclaw Openclaw.