OpenClaw LINE Webhook Pre-Authentication Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in OpenClaw versions prior to 2026.3.31. The issue arises in the public LINE webhook handler, which lacks a shared pre-authentication concurrency budget. This vulnerability allows remote attackers to flood the webhook endpoint with concurrent requests before signature verification, leading to resource exhaustion and degraded service availability.
Impact
Exploitation of this vulnerability causes a transient denial-of-service condition in which the service becomes temporarily unavailable due to resource exhaustion.
Reproduction
The vulnerability can be reproduced by sending a high volume of concurrent requests to the LINE webhook endpoint. Because the handler accepts these requests before signature verification, a tool or script that sends many requests simultaneously can overwhelm the webhook handler and cause a denial-of-service condition.
Remediation
Upgrade to OpenClaw version 2026.3.31 or later to address this vulnerability.
