Security Advisory

CVE-2026-34505

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-31 11:17:20
Last updated 2026-06-23 16:15:42
Assigner VulnCheck
State PUBLISHED

Description

OpenClaw before 2026.3.12 applies rate limiting only after successful webhook authentication, allowing attackers to bypass rate limits and brute-force webhook secrets. Attackers can submit repeated authentication requests with invalid secrets without triggering rate limit responses, enabling systematic secret guessing and subsequent forged webhook submission.
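
The ordering problem described above, shown as an added Python example; it is not OpenClaw's code and is not taken from the advisory. The limiter class, both handler names, the 5-requests-per-60-seconds limit, the client address and the secret are all hypothetical values constructed for illustration.

```python
import hmac
import time


class FixedWindowLimiter:
    """Per-key fixed-window counter; `clock` is injectable for tests."""

    def __init__(self, limit, window_s, clock=time.monotonic):
        self.limit, self.window_s, self.clock = limit, window_s, clock
        self.hits = {}  # key -> (window_start, count)

    def allow(self, key):
        now = self.clock()
        start, count = self.hits.get(key, (now, 0))
        if now - start >= self.window_s:
            start, count = now, 0  # window expired, start a new one
        self.hits[key] = (start, count + 1)
        return count + 1 <= self.limit


def secret_ok(presented, expected):
    # Constant-time comparison so response timing does not leak the secret.
    return hmac.compare_digest(presented.encode(), expected.encode())


def handle_auth_then_limit(limiter, client, presented, expected):
    """Ordering described in the advisory: failed attempts are never counted."""
    if not secret_ok(presented, expected):
        return 401
    return 200 if limiter.allow(client) else 429


def handle_limit_then_auth(limiter, client, presented, expected):
    """Hardened ordering: every request is counted before the secret check."""
    if not limiter.allow(client):
        return 429
    return 200 if secret_ok(presented, expected) else 401


def replay(handler, guesses, limit=5):
    """Run constructed guesses from one client; return the status codes."""
    limiter = FixedWindowLimiter(limit, window_s=60, clock=lambda: 0.0)
    expected = "constructed-secret"  # sample value, not from any real system
    return [handler(limiter, "198.51.100.7", g, expected) for g in guesses]


if __name__ == "__main__":
    wrong = [f"guess-{i}" for i in range(8)]  # constructed invalid secrets
    print("auth-then-limit:", replay(handle_auth_then_limit, wrong))
    print("limit-then-auth:", replay(handle_limit_then_auth, wrong))
```

With the first ordering a run of invalid secrets never produces a 429, which is also the detection signal: a burst of 401 responses from one source with no rate-limit responses among them.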