OpenClaw Webhook Rate Limiting Bypass Vulnerability

Vulnerability

OpenClaw versions prior to 2026.3.12 apply rate limiting to webhook requests only after a request has authenticated successfully. A request that presents a wrong webhook secret is rejected without being counted, so an attacker can submit an unbounded stream of guesses and never receive a rate-limit response. The limiter therefore protects nothing against the one caller it most needs to slow down: systematic guessing of the secret becomes practical, and a recovered secret lets the attacker submit forged webhook traffic.

Impact

Because failed authentication attempts are not throttled, an attacker can brute-force a weak webhook secret at whatever rate the network and server allow. Once the secret is known, the attacker can submit forged Zalo webhook traffic that OpenClaw accepts as genuine. A long, randomly generated secret is not practically guessable even without a rate limit, so the severity in a given deployment depends heavily on how the secret was chosen.

Remediation

Update to OpenClaw 2026.3.12 or later. Independently of the update, use a long, randomly generated webhook secret (for example, 32 bytes from a cryptographically secure random source) rather than a short or human-chosen value, and rotate any weak secret that was in use while a vulnerable version was exposed, since it may already have been guessed.
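The ordering flaw described above, the hardened ordering, and a simulated brute force against both, as an added TypeScript example. This is not OpenClaw's own code: the per-IP fixed-window limiter, the request shape, the attacker IP 203.0.113.7, the four-digit weak secret, and the threshold of 20 failures per minute are all constructed for illustration and do not come from the advisory.

```typescript
import { randomBytes, timingSafeEqual } from "node:crypto";

// Constructed request shape: only the fields the check needs.
interface WebhookRequest {
  ip: string;     // remote address the limiter is keyed on (assumption: per-IP keying)
  secret: string; // secret presented by the caller
}

type Outcome = "accepted" | "rejected" | "rate_limited";

// Fixed-window counter keyed by client IP. Constructed for this example.
class FailureLimiter {
  private readonly windows = new Map<string, { count: number; start: number }>();
  constructor(private readonly maxCount: number, private readonly windowMs: number) {}

  // Returns the live window for `key`, starting a fresh one if the old one expired.
  private current(key: string, now: number): { count: number; start: number } {
    const w = this.windows.get(key);
    if (!w || now - w.start >= this.windowMs) {
      const fresh = { count: 0, start: now };
      this.windows.set(key, fresh);
      return fresh;
    }
    return w;
  }

  isLimited(key: string, now: number): boolean {
    return this.current(key, now).count >= this.maxCount;
  }

  record(key: string, now: number): void {
    this.current(key, now).count += 1;
  }
}

// Constant-time comparison; a length mismatch is simply a mismatch.
function secretMatches(expected: string, presented: string): boolean {
  const a = Buffer.from(expected, "utf8");
  const b = Buffer.from(presented, "utf8");
  return a.length === b.length && timingSafeEqual(a, b);
}

type Handler = (req: WebhookRequest, expected: string, limiter: FailureLimiter, now: number) => Outcome;

// Flawed ordering (the pattern the advisory describes): the limiter is consulted
// only after the secret check passes, so wrong guesses are never counted.
const handleVulnerable: Handler = (req, expected, limiter, now) => {
  if (!secretMatches(expected, req.secret)) return "rejected"; // uncounted
  if (limiter.isLimited(req.ip, now)) return "rate_limited";
  limiter.record(req.ip, now);
  return "accepted";
};

// Hardened ordering: the limit is checked first, and every failed attempt is recorded.
const handleHardened: Handler = (req, expected, limiter, now) => {
  if (limiter.isLimited(req.ip, now)) return "rate_limited";
  if (!secretMatches(expected, req.secret)) {
    limiter.record(req.ip, now); // a wrong secret counts toward the limit
    return "rejected";
  }
  return "accepted";
};

// Simulated attacker: tries every 4-digit secret from one IP, one guess per millisecond,
// and stops at the first response that is not a plain rejection.
function bruteForce(handler: Handler, expected: string, limiter: FailureLimiter): { guesses: number; outcome: Outcome } {
  const attackerIp = "203.0.113.7"; // constructed
  let t = 0;
  for (let n = 0; n < 10_000; n++) {
    t += 1;
    const guess = String(n).padStart(4, "0");
    const outcome = handler({ ip: attackerIp, secret: guess }, expected, limiter, t);
    if (outcome !== "rejected") return { guesses: n + 1, outcome };
  }
  return { guesses: 10_000, outcome: "rejected" };
}

// What "strong webhook secret" means in practice: 256 random bits, hex-encoded.
function generateWebhookSecret(): string {
  return randomBytes(32).toString("hex");
}

const weakSecret = "7342"; // constructed weak secret
console.log("vulnerable:", bruteForce(handleVulnerable, weakSecret, new FailureLimiter(20, 60_000)));
console.log("hardened:  ", bruteForce(handleHardened, weakSecret, new FailureLimiter(20, 60_000)));
console.log("strong secret example:", generateWebhookSecret());
```

Against the flawed handler the attacker walks the whole keyspace and is accepted on guess 7343 without ever being limited; against the hardened handler the same attacker is cut off after 20 failures. The hardened handler counts only failures, so a legitimate high-volume sender with the right secret is never throttled, which is the usual reason to key the limit on failed authentication rather than on all traffic.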

Added: Mar 31, 2026, 12:23 PM
Updated: Mar 31, 2026, 12:23 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 7.4
remediation: 0.0
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to produce these eight vulnerability categories, which are then combined into the overall risk score.