CVE-2026-35646
Published
CVSS v3
4.8
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
OpenClaw before 2026.3.25 contains a pre-authentication rate-limit bypass vulnerability in webhook token validation that allows attackers to brute-force weak webhook secrets. The vulnerability exists because invalid webhook tokens are rejected without throttling repeated authentication attempts, enabling attackers to guess weak tokens through rapid successive requests.
Your own personal AI assistant. Any OS. Any Platform. The lobster way. 🦞
GitHub