216.73.216.67

CVE-2026-35646

· Published 09/04/2026 22:16 · Modified 09/04/2026 22:16

Labels: CVE-2026-35646 2026-04-09CVE-2026-35646CWE-307[email protected]

Essential information

Published
09/04/2026 22:16
Modified
09/04/2026 22:16
Author
Creator
CVSS
6.3 MEDIUM (v3) 6.3 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
openclaw / openclaw cpe:2.3:a:openclaw:openclaw:*:*:*:*:*:*:*:*

References