Security Advisory

CVE-2026-35665

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-10 16:03:25
Last updated 2026-04-10 16:58:15
Assigner VulnCheck
State PUBLISHED

Description

OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011: the Feishu webhook handler reads request bodies under permissive limits (1MB size, 30-second timeout) before it verifies the signature. An unauthenticated attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests to the Feishu webhook endpoint, blocking legitimate webhook deliveries.
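The mitigation pattern for this class of bug is a small body cap plus a total and idle deadline applied before signature verification. The Node.js code below is an added example, not OpenClaw's code or its patch. Assumptions: the limit values, the names `PreAuthBudget` and `readThenVerify`, and the `verify` callback are hypothetical.

```javascript
// Added example: pre-authentication body budget for a webhook endpoint.
// Limit values are illustrative assumptions, not OpenClaw's patched values.
const PRE_AUTH_LIMITS = { maxBytes: 64 * 1024, totalMs: 5000, idleMs: 2000 };

// Pure state machine so the policy can be checked without sockets or timers.
class PreAuthBudget {
  constructor(limits, startMs) {
    this.limits = limits;
    this.startMs = startMs;
    this.lastMs = startMs;
    this.bytes = 0;
  }
  // Call for each received chunk; returns "ok", "too_large" or "timeout".
  onChunk(len, nowMs) {
    if (this.expired(nowMs)) return "timeout";
    this.bytes += len;
    this.lastMs = nowMs;
    return this.bytes > this.limits.maxBytes ? "too_large" : "ok";
  }
  // True once the total deadline or the gap since the last chunk is exceeded.
  expired(nowMs) {
    return nowMs - this.startMs > this.limits.totalMs ||
           nowMs - this.lastMs > this.limits.idleMs;
  }
}

// Wire the budget to a Node.js request stream. `verify` is a hypothetical
// callback that checks the webhook signature over the raw body bytes.
function readThenVerify(req, verify, limits = PRE_AUTH_LIMITS, now = Date.now) {
  return new Promise((resolve, reject) => {
    const budget = new PreAuthBudget(limits, now());
    const chunks = [];
    const fail = (reason) => { clearInterval(tick); req.destroy(); reject(new Error(reason)); };
    // A sender that stops transmitting never fires "data", so poll the clock too.
    const tick = setInterval(() => { if (budget.expired(now())) fail("timeout"); }, 250);
    req.on("data", (chunk) => {
      const verdict = budget.onChunk(chunk.length, now());
      if (verdict !== "ok") return fail(verdict);
      chunks.push(chunk);
    });
    req.on("end", () => {
      clearInterval(tick);
      const body = Buffer.concat(chunks);
      verify(body) ? resolve(body) : reject(new Error("bad_signature"));
    });
    req.on("error", (err) => { clearInterval(tick); reject(err); });
  });
}
```

The idle deadline is what bounds slow-drip senders: a connection is released as soon as the gap between chunks exceeds `idleMs`, rather than being held for the full request timeout.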