Security Advisory

CVE-2026-35628

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-09 21:27:00

Last updated 2026-04-13 18:15:08

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook secrets through brute-force attacks.

← Browse all CVEs View on cve.org ↗