AI Threat Alert AI Threat Alert

GHSA-q8ff-7ffm-m3r9

GHSA-q8ff-7ffm-m3r9 MEDIUM
Published May 5, 2026

## Summary OpenClaw webhooks allowed route secrets to be backed by `SecretRef` values, but cached the resolved secret for a route. After an operator rotated the underlying secret and ran `openclaw secrets reload`, the previous resolved webhook secret could remain valid until the plugin or gateway...

Full CISO analysis pending enrichment.

Affected Systems

Package Ecosystem Vulnerable Range Patched
openclaw npm < 2026.4.23 2026.4.23
4 dependents 93% patched ~0d to patch Full package profile →

Do you use openclaw? You're affected.

Severity & Risk

CVSS 3.1
6.0 / 10
EPSS
N/A
Exploitation Status
No known exploitation
Sophistication
N/A

Attack Surface

AV AC PR UI S C I A
AV Network
AC Low
PR High
UI None
S Unchanged
C Low
I High
A Low

Recommended Action

Patch available

Update openclaw to version 2026.4.23

Compliance Impact

Compliance analysis pending. Sign in for full compliance mapping when available.

Frequently Asked Questions

What is GHSA-q8ff-7ffm-m3r9?

OpenClaw's Webhooks SecretRef route secret remains valid after rotation/reload

Is GHSA-q8ff-7ffm-m3r9 actively exploited?

No confirmed active exploitation of GHSA-q8ff-7ffm-m3r9 has been reported, but organizations should still patch proactively.

How to fix GHSA-q8ff-7ffm-m3r9?

Update to patched version: openclaw 2026.4.23.

What is the CVSS score for GHSA-q8ff-7ffm-m3r9?

GHSA-q8ff-7ffm-m3r9 has a CVSS v3.1 base score of 6.0 (MEDIUM).

Technical Details

NVD Description

## Summary OpenClaw webhooks allowed route secrets to be backed by `SecretRef` values, but cached the resolved secret for a route. After an operator rotated the underlying secret and ran `openclaw secrets reload`, the previous resolved webhook secret could remain valid until the plugin or gateway restarted. ## Impact An attacker who already had a previously valid webhook route secret could continue authenticating webhook requests after the operator rotated the secret and reloaded secrets. This weakened credential rotation for webhook routes and could allow continued invocation of the configured webhook task flow until restart. ## Affected Packages / Versions - Package: `openclaw` on npm - Affected: versions before `2026.4.23` - Fixed: `2026.4.23` - Latest stable verified fixed: `openclaw@2026.4.23`, tag `v2026.4.23` ## Fix Webhook route authentication now resolves `SecretRef`-backed route secrets on each request. A rotated secret becomes effective after `openclaw secrets reload` without requiring a gateway or plugin restart, and the old secret is rejected. ## Fix Commit(s) - `36c4a372a0ad5dca8bfc0d93f7aab9c2f2de66fa` (`fix(webhooks): reload route secrets per request`) ## Severity Severity remains `medium`. The attack requires possession of a previously valid route secret, but the stale credential can continue to authorize webhook actions after rotation.

Weaknesses (CWE)

CWE-613 Insufficient Session Expiration Primary

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:L

References

Timeline

Published
May 5, 2026
Last Modified
May 5, 2026
First Seen
May 5, 2026

Related Vulnerabilities

CRITICAL CVE-2026-30741 9.8

OpenClaw: RCE via request-side prompt injection

Same package: openclaw
CRITICAL CVE-2026-28451 9.3

OpenClaw: SSRF via Feishu extension exposes internal services

Same package: openclaw
HIGH GHSA-cwj3-vqpp-pmxr 8.8

Analysis pending

Same package: openclaw
HIGH GHSA-m3mh-3mpg-37hw 8.6

OpenClaw: .npmrc hijack enables RCE on plugin install

Same package: openclaw
HIGH CVE-2026-27001 7.8

OpenClaw: prompt injection via unsanitized workspace path

Same package: openclaw
Back to Threat Feed