CVE-2026-35628
Published
CVSS v3
4.8
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeated authentication guesses without throttling, permitting attackers to systematically guess webhook secrets through brute-force attacks.
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
GitHub