Security Advisory

CVE-2026-35646

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-09 21:27:11

Last updated 2026-04-10 13:57:32

Assigner VulnCheck

State PUBLISHED

Description

OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests.

← Browse all CVEs View on cve.org ↗