Is there a patch available for CVE-2026-35665?

Yes, a patch is available for CVE-2026-35665. Update the affected software to the latest version immediately.

OpenClaw CVE-2026-35665

Q: What is the CVSS score of CVE-2026-35665?

CVE-2026-35665 has a CVSS 4.0 base score of 6.9 (Medium). CVSS vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2026-21476 MEDIUM

Asymmetric Resource Consumption (Amplification) (CWE-405)

2026-04-10 VulnCheck

Information Disclosure

6.9

CVSS 4.0

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch released

Apr 10, 2026 - 20:30 nvd

Patch available

EUVD ID Assigned

Apr 10, 2026 - 16:30 euvd

EUVD-2026-21476

Analysis Generated

Apr 10, 2026 - 16:30 vuln.today

CVE Published

Apr 10, 2026 - 16:03 nvd

MEDIUM 6.9

Blast Radius

ecosystem impact

† from your stack dependencies † transitive graph · vuln.today resolves 4-path depth

3 npm packages depend on openclaw (3 direct, 0 indirect)

Ecosystem-wide dependent count for version 2026.3.24.

DescriptionNVD

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests to the Feishu webhook endpoint, blocking legitimate webhook deliveries.

AnalysisAI

OpenClaw before version 2026.3.24 allows unauthenticated remote denial of service via the Feishu webhook handler, which accepts request bodies up to 1MB with a 30-second timeout before verifying the request signature. An attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests, blocking legitimate webhook deliveries and degrading service availability. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-35665 vulnerability details – vuln.today

Back

OpenClaw CVE-2026-35665

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Analysis

Full analysis requires sign-in

Share

OpenClaw CVE-2026-35665

CVSS VectorNVD

Lifecycle Timeline

Blast Radius

DescriptionNVD

AnalysisAI

Full analysis requires sign-in

Share

External POC / Exploit Code