OpenClaw
CVE-2026-41362
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress legitimate events on different accounts by matching event_name and message_id parameters.
AnalysisAI
OpenClaw versions 2026.2.19 before 2026.3.31 allow authenticated attackers to suppress legitimate webhook events across different accounts in multi-tenant deployments by exploiting improper cache isolation in the Zalo webhook replay-deduplication mechanism. An attacker with control of one authenticated Zalo webhook path can match event_name and message_id parameters to suppress events on victim accounts, causing denial of service to webhook processing. No public exploit code or active exploitation has been identified, though the vulnerability requires valid authentication and incremental exploitation (AT:P), limiting immediate risk.
Technical ContextAI
The vulnerability exists in OpenClaw's Zalo webhook replay-deduplication cache mechanism, which is responsible for preventing duplicate webhook deliveries by tracking processed event_name and message_id pairs. The cache is improperly isolated across authenticated webhook targets in multi-account deployments, meaning the same cache storage is shared between different authenticated webhook paths belonging to different accounts. This violates tenant isolation principles in multi-tenant systems. CWE-668 (Exposure of Resource to Wrong Sphere) is the root cause-the replay-dedupe cache is accessible beyond its intended scope. An attacker who controls one authenticated webhook path can inject or match cache entries (event_name, message_id) to prevent legitimate events from being processed on other accounts' webhook targets, effectively suppressing those events.
RemediationAI
Upgrade OpenClaw to version 2026.3.31 or later, which corrects the cache isolation flaw in the Zalo webhook replay-deduplication mechanism. The fix is available via the upstream GitHub commits (4d038bb and 7cea7c2 referenced in the NVD entry). Until patching is possible, implement network-level segmentation to isolate webhook endpoints per tenant or account, ensuring different authenticated webhook paths cannot share the same cache storage backend. If multi-tenant deployments are unavoidable, implement per-tenant cache prefixing or namespacing at the application layer to prevent event_name/message_id collisions across accounts-this is a workaround with performance overhead due to increased cache storage footprint. Consult the GitHub Security Advisory (GHSA-fqrj-m88p-qf3v) for detailed mitigation steps and timeline guidance from the OpenClaw maintainers.
Auth bypass in OpenClaw voice-call extension before 2026.2.1. EPSS 0.68%. PoC and patch available.
Privilege escalation in OpenClaw (pre-2026.3.28) allows unauthenticated remote attackers to gain administrative access b
OpenClaw versions 2026.2.22 through 2026.2.24 contain a privilege escalation vulnerability that allows authenticated att
An authorization mismatch vulnerability in OpenClaw versions prior to 2026.3.1 allows authenticated users with operator.
OpenClaw versions prior to 2026.1.29 automatically establish WebSocket connections to attacker-controlled gateway URLs e
Path traversal in OpenClaw through version 2026.3.23 enables unauthenticated remote attackers to read arbitrary files in
OpenClaw sandbox browser functionality launches x11vnc for noVNC observer sessions without requiring authentication, all
OpenClaw versions before 2026.2.26 allow authenticated attackers to write arbitrary files outside the workspace director
OpenClaw versions prior to 2026.2.22 contain a shell environment variable injection vulnerability in the system.run func
OpenClaw versions prior to 2026.2.22 contain a resource exhaustion vulnerability where the application fails to consiste
OpenClaw versions prior to 2026.3.1 contain a sandbox escape vulnerability that allows authenticated attackers with low
OpenClaw versions 2026.1.30 and below fail to validate Telegram webhook secret tokens when `channels.telegram.webhookSec
Same weakness CWE-668 – Exposure of Resource to Wrong Sphere
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today