6.9

CVE-2026-41343

OpenClaw < 2026.3.31 - Denial of Service via LINE Webhook Handler Pre-Auth Concurrency

OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to cause transient availability loss. Remote attackers can flood the webhook endpoint with concurrent requests before signature verification to exhaust resources and degrade service availability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
OpenClawOpenClaw SwPlatformnode.js Version < 2026.3.31
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.46% 0.363
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
disclosure@vulncheck.com 6.9 0 0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
disclosure@vulncheck.com 5.3 3.9 1.4
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CWE-799 Improper Control of Interaction Frequency

The product does not properly limit the number or frequency of interactions that it has with an actor, such as the number of incoming requests.

https://github.com/openclaw/openclaw/commit/57c47d8c7fbf5a2e70cc4dec2380977968903cad
Patch
https://github.com/openclaw/openclaw/security/advisories/GHSA-qcc3-jqwp-5vh2
Vendor Advisory
https://www.vulncheck.com/advisories/openclaw-denial-of-service-via-line-webhook-handler-pre-auth-concurrency
Third Party Advisory