Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Blast Radius
ecosystem impact- 3 npm packages depend on openclaw (3 direct, 0 indirect)
Ecosystem-wide dependent count for version 2026.3.28.
DescriptionCVE.org
OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests.
AnalysisAI
OpenClaw before version 2026.3.25 allows unauthenticated remote attackers to bypass pre-authentication rate limiting on webhook token validation, enabling brute-force attacks against weak webhook secrets through rapid successive requests. The vulnerability stems from absent throttling on invalid token rejection attempts, permitting attackers to enumerate valid tokens without login credentials or triggering defensive rate-limiting mechanisms.
Technical ContextAI
OpenClaw's webhook authentication mechanism validates incoming webhook tokens prior to processing webhook payloads. The vulnerability is rooted in CWE-307 (Improper Restriction of Excessive Authentication Attempts), a class of weakness where authentication systems fail to implement rate limiting or account lockout protections. The affected component lacks throttling or exponential backoff on repeated failed authentication attempts. Attackers can craft successive HTTP requests containing guessed webhook tokens; each invalid token is rejected without introducing delays or tracking failures across requests. This design flaw is particularly dangerous because webhook secrets are often weak or poorly randomized, making brute-force enumeration computationally feasible within acceptable attack timeframes. The CPE string cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:* indicates all versions of the OpenClaw application are potentially affected until the patched version is deployed.
RemediationAI
Vendor-released patch: OpenClaw 2026.3.25 or later. Immediately upgrade to the patched version using standard package management or release distribution channels. The upstream fix is documented in commit 0b4d07337467f4d40a0cc1ced83d45ceaec0863c on the OpenClaw GitHub repository (https://github.com/openclaw/openclaw/commit/0b4d07337467f4d40a0cc1ced83d45ceaec0863c). Consult the official security advisory at https://github.com/openclaw/openclaw/security/advisories/GHSA-mf5g-6r6f-ghhm for detailed upgrade instructions and any dependency-related changes. As an interim compensating control pending patch deployment, restrict network access to webhook endpoints via firewall rules or API gateway policies, allowing only trusted source IP ranges to submit webhook requests; however, this is a temporary mitigation and does not address the underlying vulnerability.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-21144
GHSA-59xc-5v89-r7pr