Is there a patch available for CVE-2026-45005?

Yes, a patch is available for CVE-2026-45005. Update the affected software to the latest version immediately.

OpenClaw CVE-2026-45005

Q: What is the CVSS score of CVE-2026-45005?

CVE-2026-45005 has a CVSS 4.0 base score of 5.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-29150 MEDIUM

Operation on a Resource after Expiration or Release (CWE-672)

2026-05-11 VulnCheck

GHSA-v8j2-5f9p-fmh4

Information Disclosure

5.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

May 11, 2026 - 18:22 NVD

6.0 (MEDIUM) 5.9 (MEDIUM)

Source Code Evidence Fetched

May 11, 2026 - 17:48 vuln.today

Analysis Generated

May 11, 2026 - 17:48 vuln.today

CVE Published

May 11, 2026 - 16:46 nvd

MEDIUM 6.0

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

1 npm packages depend on openclaw (1 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.4.23.

DescriptionNVD

OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook route secrets can continue authenticating requests and invoking configured webhook task flows until gateway or plugin restart.

AnalysisAI

OpenClaw before 2026.4.23 fails to invalidate cached webhook route secrets after rotation, allowing attackers with previously valid secrets to continue authenticating webhook requests and invoking task flows until gateway restart. The vulnerability affects SecretRef-backed webhook authentication where the resolved secret is cached at startup rather than re-resolved per request, weakening credential rotation effectiveness. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-45005 vulnerability details – vuln.today

Back

OpenClaw CVE-2026-45005

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

OpenClaw CVE-2026-45005

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code