CVE-2026-41343 OpenClaw < 2026.3.31 - Denial of Service via LINE Webhook Handler Pre-Auth Concurrency

🗓️ 23 Apr 2026 21:58:02Reported by VulnCheckType

OpenClaw before 2026.3.31 has pre authentication concurrency DoS on the LINE webhook, causing transient availability loss.

Reporter	Title	Published	Views	Family All 14
ATTACKERKB	CVE-2026-41343	23 Apr 202621:58	–	attackerkb
CNNVD	OpenClaw 安全漏洞	23 Apr 202600:00	–	cnnvd
CVE	CVE-2026-41343	23 Apr 202621:58	–	cve
EUVD	EUVD-2026-25327	24 Apr 202600:31	–	euvd
Github Security Blog	Duplicate Advisory: OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification	24 Apr 202600:31	–	github
Github Security Blog	OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification	2 Apr 202621:01	–	github
NVD	CVE-2026-41343	23 Apr 202622:16	–	nvd
OSV	GHSA-2HV5-4H3G-4HJV Duplicate Advisory: OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification	24 Apr 202600:31	–	osv
OSV	GHSA-QCC3-JQWP-5VH2 OpenClaw: LINE webhook handler lacks shared pre-auth concurrency budget before signature verification	2 Apr 202621:01	–	osv
OSV	MINI-RV9R-6HCM-HCR9	29 Apr 202621:03	–	osv

[
  {
    "vendor": "OpenClaw",
    "product": "OpenClaw",
    "defaultStatus": "unaffected",
    "packageURL": "pkg:npm/openclaw",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "versionType": "semver",
        "lessThan": "2026.3.31"
      },
      {
        "version": "2026.3.31",
        "status": "unaffected",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
github	www.github.com/openclaw/openclaw/security/advisories/GHSA-qcc3-jqwp-5vh2
github	www.github.com/openclaw/openclaw/commit/57c47d8c7fbf5a2e70cc4dec2380977968903cad
vulncheck	www.vulncheck.com/advisories/openclaw-denial-of-service-via-line-webhook-handler-pre-auth-concurrency

23 Apr 2026 21:58Current

CVSS 3.15.3

CVSS 46.9

EPSS0.00158

CWE-799