OpenClaw Webhook Token Validation Rate-Limit Bypass Vulnerability

Vulnerability

A pre-authentication rate-limit bypass vulnerability has been identified in OpenClaw versions prior to 2026.3.25. The webhook token validation step rejects invalid tokens without any delay or throttling, so an attacker can submit guesses in rapid succession and brute-force weak webhook secrets. The issue has been verified on version 2026.3.24 and exists in the Synology Chat integration.
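The weakness described above is that a failed token check is answered immediately, with no delay and no memory of previous failures. The following Python example is added here and is not OpenClaw code (the project's actual fix in 2026.3.25 is not shown on this page); it illustrates the standard mitigation for a shared webhook secret: constant-time comparison plus per-source exponential backoff after repeated failures. The class name, the tuning constants and the `source` identifier are assumptions.

```python
import hmac
import time
from typing import Dict, Optional

# Assumed tuning values (not OpenClaw's): failures tolerated before backoff starts,
# the first backoff delay, and the cap on the delay.
FREE_FAILURES = 3
BASE_DELAY_S = 1.0
MAX_DELAY_S = 300.0


def backoff_delay(failures: int) -> float:
    """Seconds a source must wait after its Nth consecutive failure:
    0 for the first FREE_FAILURES, then doubling from BASE_DELAY_S up to MAX_DELAY_S."""
    if failures <= FREE_FAILURES:
        return 0.0
    return min(BASE_DELAY_S * 2 ** (failures - FREE_FAILURES - 1), MAX_DELAY_S)


class _SourceState:
    __slots__ = ("failures", "next_allowed")

    def __init__(self) -> None:
        self.failures = 0        # consecutive failed validations from this source
        self.next_allowed = 0.0  # time before which requests from it are refused


class WebhookTokenValidator:
    """Validates a shared webhook secret with two properties the vulnerable check
    lacked: the comparison takes constant time, and repeated failures from one
    source are throttled with exponential backoff instead of answered at once."""

    def __init__(self, expected_token: str) -> None:
        self._expected = expected_token.encode()
        self._state: Dict[str, _SourceState] = {}

    def validate(self, source: str, presented: str, now: Optional[float] = None) -> str:
        """Return 'ok', 'invalid' or 'throttled'.

        `source` is whatever identifies the requester (for example its client
        address); `now` is injectable so the backoff can be tested deterministically."""
        now = time.monotonic() if now is None else now
        st = self._state.setdefault(source, _SourceState())
        if now < st.next_allowed:
            # Refuse before comparing anything: the source is still in backoff,
            # so even a correct guess is not accepted until the delay has elapsed.
            return "throttled"
        # compare_digest's running time does not depend on which byte mismatches,
        # so timing cannot reveal the secret one prefix byte at a time.
        if hmac.compare_digest(presented.encode(), self._expected):
            self._state.pop(source, None)  # success clears the failure history
            return "ok"
        st.failures += 1
        st.next_allowed = now + backoff_delay(st.failures)
        return "invalid"
```

Refusing during the backoff window before the comparison is what bounds the attempt rate per source; a deployment with several worker processes would keep `_state` in shared storage rather than in memory, and a per-source key alone does not stop a distributed guesser, so a global failure budget per webhook is a reasonable addition.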

Impact

Exploitation of this vulnerability allows for brute-force attacks on webhook tokens, potentially leading to unauthorized actions being performed on behalf of the user or application the webhook is associated with.

Reproduction

To reproduce this vulnerability, send a series of rapid requests to the webhook endpoint with invalid tokens. The absence of throttling on these repeated attempts will demonstrate the rate-limit bypass. This can be automated with a script that sends multiple requests per minute, targeting the webhook validation process.
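The pattern the reproduction relies on, many rejected tokens from one source in a short interval, is also the signal a defender can alert on while the fix is rolled out. This Python example is added here and is not OpenClaw code: it runs a sliding-window count of invalid-token events per source over constructed log lines in an assumed format (OpenClaw's real log format is not shown on this page) and flags sources that reach a threshold within the window. The field names, the window length and the threshold are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Deque, Dict, List, Optional

# Assumed log line format; OpenClaw's actual format is not shown on the advisory.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) webhook_auth "
    r"source=(?P<source>\S+) path=(?P<path>\S+) result=(?P<result>\S+)$"
)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_line(line: str) -> Optional[dict]:
    """Parse one log line into a dict, or return None if it is not a webhook_auth event."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT).replace(tzinfo=timezone.utc)
    return rec


def find_token_bruteforce(lines: List[str], window_s: int = 60, threshold: int = 10) -> Dict[str, int]:
    """Return {source: peak} for every source whose count of result=invalid events
    inside some window_s-second window reaches threshold. Events are processed in
    timestamp order with a per-source deque holding only the in-window failures."""
    recent: Dict[str, Deque[datetime]] = defaultdict(deque)
    peak: Dict[str, int] = defaultdict(int)
    records = [r for r in map(parse_line, lines) if r is not None]
    for rec in sorted(records, key=lambda r: r["ts"]):
        if rec["result"] != "invalid":
            continue
        q = recent[rec["source"]]
        q.append(rec["ts"])
        # Drop failures that fell out of the window relative to this event.
        while (rec["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        peak[rec["source"]] = max(peak[rec["source"]], len(q))
    return {src: n for src, n in peak.items() if n >= threshold}


def constructed_log() -> List[str]:
    """Constructed sample (not real OpenClaw output): 12 bad tokens from one source
    within 22 seconds, two isolated failures 85 s apart from a second source, one
    valid delivery, and an unrelated line the parser must ignore."""
    base = datetime(2026, 4, 9, 23, 26, 0, tzinfo=timezone.utc)

    def ev(offset_s: int, source: str, result: str) -> str:
        ts = (base + timedelta(seconds=offset_s)).strftime(TS_FMT)
        return f"{ts} webhook_auth source={source} path=/hooks/synology result={result}"

    lines = [ev(2 * i, "203.0.113.5", "invalid") for i in range(12)]
    lines += [ev(5, "198.51.100.7", "invalid"), ev(90, "198.51.100.7", "invalid")]
    lines += [ev(40, "192.0.2.10", "ok"), "2026-04-09T23:26:41Z http_request method=GET path=/"]
    return lines


if __name__ == "__main__":
    for src, n in find_token_bruteforce(constructed_log()).items():
        print(f"alert: {src} sent {n} invalid webhook tokens within 60 s")
```

The window is evaluated relative to each new failure, so a burst is caught as soon as it crosses the threshold rather than at a fixed interval boundary; the same loop runs unchanged over a live tail of the log.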

Remediation

Users can update to OpenClaw version 2026.3.25 or later to address this vulnerability.

Added: Apr 9, 2026, 11:26 PM
Updated: Apr 9, 2026, 11:26 PM

Vulnerability Rating

Custom Algorithm

  spread          0.0
  impact          5.0
  exploitability  8.4
  remediation     0.0
  relevance       5.5
  threat          4.8
  urgency         2.9
  incentive       4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.