OpenClaw Unbounded Memory Growth Vulnerability in Zalo Webhook Endpoint Allowing Denial-of-Service
Vulnerability
An unbounded memory growth vulnerability has been identified in the Zalo webhook endpoint of OpenClaw versions prior to 2026.3.1. Unauthenticated attackers can cause in-memory key accumulation by varying the query string across repeated requests. Exploitation can lead to memory pressure, process instability, or out-of-memory conditions, all of which degrade service availability.
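The accumulation pattern described above, as an added JavaScript example (not OpenClaw's code): a tracker keyed by the raw request URL gains one entry per distinct query string, while one keyed by pathname with a TTL and a hard cap stays bounded. The tracker functions, the `/zalo/webhook` path and the `nonce` parameter are constructed for illustration.

```javascript
// Added illustration, not OpenClaw source; all names are hypothetical.

// Vulnerable pattern: state is keyed by the raw request URL, so every
// distinct query string creates a new entry that is never evicted.
function makeUnboundedTracker() {
  const hits = new Map();
  return {
    record(rawUrl) { hits.set(rawUrl, (hits.get(rawUrl) || 0) + 1); },
    size: () => hits.size,
  };
}

// Hardened pattern: key on the pathname only, expire idle entries,
// and enforce a hard cap on the number of keys held in memory.
function makeBoundedTracker({ maxKeys = 1000, ttlMs = 60000 } = {}) {
  const hits = new Map(); // key -> { count, lastSeen }, oldest entry first
  return {
    record(rawUrl, now = Date.now()) {
      // Drop the query string so request parameters cannot mint new keys.
      const key = new URL(rawUrl, "http://localhost").pathname;
      // Expire idle entries; touched keys are re-inserted, so oldest come first.
      for (const [k, v] of hits) {
        if (now - v.lastSeen < ttlMs) break;
        hits.delete(k);
      }
      const entry = hits.get(key) || { count: 0, lastSeen: now };
      entry.count += 1;
      entry.lastSeen = now;
      hits.delete(key); // re-insert to mark as most recently seen
      hits.set(key, entry);
      // Hard cap: evict the oldest keys if distinct paths still pile up.
      while (hits.size > maxKeys) hits.delete(hits.keys().next().value);
      return entry.count;
    },
    size: () => hits.size,
  };
}

// Constructed sample traffic: same path, unique query string per request.
function simulate(tracker, requests = 5000) {
  for (let i = 0; i < requests; i++) tracker.record(`/zalo/webhook?nonce=${i}`);
  return tracker.size();
}
```

Comparing `simulate(makeUnboundedTracker())` with `simulate(makeBoundedTracker())` shows the difference in retained keys; exporting the map size as a metric gives an early signal of the same growth in a running service.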
Impact
Exploitation of this vulnerability can cause significant memory pressure, leading to process instability or out-of-memory conditions, which degrade service availability.
Remediation
Users can update to OpenClaw version 2026.3.1 or later to address this vulnerability.
